CVE-2026-32619
Published: Mar 31, 2026
Modified: Mar 31, 2026
Description
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, users who lost access to a topic (e.g., removed from a private category group) could still interact with polls in that topic, including voting and toggling poll status. No content was exposed, but users could modify poll state in topics they should no longer have access to. This issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0.
| Vendor | Product | Versions |
|---|---|---|
discourse | discourse | affected >= 2026.1.0-latest, < 2026.1.3affected >= 2026.2.0-latest, < 2026.2.2affected >= 2026.3.0-latest, < 2026.3.0 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now