CVE-2026-32951 in Discourse
Sumário (Inglês)
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated user can obtain shared draft topic titles by sending an inline onebox request with a category_id parameter matching the shared drafts category. This issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0.
Responsável
GitHub_M
Reservar
17/03/2026
Divulgação
31/03/2026
Inscrições
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerabilidade | CWE | Exp | Con | CVE |
|---|---|---|---|---|---|
| 354475 | Discourse Parameter Divulgação de Informação | 200 | Não definido | Correção oficial | CVE-2026-32951 |