QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2026-33291

Back to search

CVE-2026-33291

Published: Mar 20, 2026

Modified: Mar 24, 2026

PUBLISHED

Description

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, moderators can create Zendesk tickets for topics they do not have access to view. This affects all forums that use the Zendesk plugin. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available.

VendorProductVersions

discourse

discourse

affected
>= 2026.1.0-latest, < 2026.1.2
affected
>= 2026.2.0-latest, < 2026.2.1
affected
= 2026.3.0-latest

Weaknesses (CWE)

CWE-863

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now