CVE-2026-27570 in Discourse

Summary

by MITRE • 03/20/2026

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the onebox method in the SharedAiConversation model renders the conversation title directly into HTML without proper sanitization. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. As a workaround, tighten access by changing the `ai_bot_public_sharing_allowed_groups` site setting.


Analysis

by VulDB Data Team • 03/25/2026

The vulnerability identified as CVE-2026-27570 affects Discourse, an open-source discussion platform, specifically in the onebox method of the SharedAiConversation model. This flaw represents a classic server-side template injection vulnerability that allows for cross-site scripting attacks through improper input sanitization. The vulnerability exists in versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, where the conversation title is rendered directly into HTML output without adequate sanitization. It falls under CWE-79, cross-site scripting, where malicious input is executed in the context of other users' browsers.

The technical flaw manifests when the onebox method processes conversation titles and incorporates them directly into HTML markup without proper encoding or sanitization. Attackers can exploit this by crafting malicious conversation titles containing HTML or JavaScript payloads that will execute when other users view the oneboxed content. The vulnerability enables attackers to perform actions such as stealing session cookies, redirecting users to malicious sites, or executing arbitrary JavaScript code in the context of the victim's browser session. This type of vulnerability falls under the ATT&CK framework category of T1059.001 - Command and Scripting Interpreter: JavaScript, as it allows for JavaScript code execution through the web interface.

The operational impact of this vulnerability is significant for Discourse installations, as it could allow unauthorized users to compromise other users' sessions and potentially escalate privileges within the platform. The vulnerability affects the core functionality of the AI conversation sharing feature, which is designed to display AI-generated content in a user-friendly format. When exploited, attackers could gain persistent access to user sessions, potentially leading to data theft, content manipulation, or unauthorized actions within the discussion platform. The vulnerability particularly affects environments where AI conversations are shared publicly or where multiple users have access to the shared AI conversation feature.

The patch released in versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 addresses the vulnerability by implementing proper input sanitization and HTML encoding for conversation titles before rendering them in HTML output. Organizations can also implement a temporary workaround by modifying the `ai_bot_public_sharing_allowed_groups` site setting to restrict access to the AI conversation sharing feature. This approach limits the attack surface by preventing unauthorized groups from sharing AI conversations, effectively reducing the risk of exploitation. The vulnerability demonstrates the importance of proper input validation and output encoding in web applications, particularly when handling user-generated content that may be displayed in HTML contexts. Security practitioners should ensure all user-provided data is properly sanitized before inclusion in HTML output to prevent XSS vulnerabilities of this nature.
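The following Ruby sketch, added here as an illustration and not taken from Discourse or the discourse-ai plugin, shows the two rendering shapes the analysis contrasts: a onebox that interpolates the conversation title into markup as-is, and one that HTML-encodes it first. The `SharedConversation` struct, the `onebox_unsafe`/`onebox_safe` functions and the `only_template_tags?` regression check are assumptions for this example; the real model and its onebox method are more involved.

```ruby
# Added illustration (not Discourse's code): a minimal stand-in for an
# onebox renderer that interpolates a conversation title into HTML.
require 'erb'

# Constructed stand-in for the SharedAiConversation record; the real model
# has more fields. The title is the user-controlled value.
SharedConversation = Struct.new(:title, :share_key)

# Vulnerable shape: the title goes into the markup untouched, so any HTML
# contained in it becomes part of the rendered page.
def onebox_unsafe(conversation)
  "<div class=\"ai-conversation-onebox\"><h3>#{conversation.title}</h3></div>"
end

# Hardened shape: HTML-encode the title before interpolation. ERB::Util.html_escape
# (the same function behind Rails' `h` helper) turns <, >, &, " and ' into entities,
# so the title is displayed as text and cannot open or close tags or attributes.
def onebox_safe(conversation)
  title = ERB::Util.html_escape(conversation.title)
  "<div class=\"ai-conversation-onebox\"><h3>#{title}</h3></div>"
end

# Defender-side regression check: after encoding, the title must not contribute
# any tag to the output. Returns true when every tag in the fragment is one the
# template itself emits (here: div and h3).
TEMPLATE_TAGS = %w[div h3].freeze
def only_template_tags?(html)
  html.scan(%r{</?([a-zA-Z][a-zA-Z0-9]*)}).flatten.all? { |t| TEMPLATE_TAGS.include?(t.downcase) }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample title: benign markup plus characters that would break
  # out of an attribute value if left unencoded.
  sample = SharedConversation.new('Plan <em>review</em> & "notes"', 'abc123')
  puts onebox_unsafe(sample)
  puts onebox_safe(sample)
  puts only_template_tags?(onebox_unsafe(sample))  # false: the title injected <em>
  puts only_template_tags?(onebox_safe(sample))    # true: only div and h3 remain
end
```

The regression check is deliberately template-specific: it lists the tags the template is allowed to emit and fails if the rendered fragment contains any other tag. Running it against every onebox rendering in a test suite catches a reintroduced raw interpolation without depending on a particular payload.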

Responsible: GitHub M

Reservation: 02/20/2026

Disclosure: 03/20/2026

Moderation: accepted

CPE: ready

EPSS: 0.00018

KEV: no

Activities: very low
