Description
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated user can obtain shared draft topic titles by sending an inline onebox request with a category_id parameter matching the shared drafts category. This issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0.
Published: 2026-03-31
Score: 4.3 Medium
EPSS: n/a
KEV: No
Impact: Confidentiality Disclosure
Action: Apply Patch
AI Analysis

Impact

The vulnerability allows an authenticated user to read shared draft topic titles by crafting an inline onebox request with a category_id that points to the shared drafts category. Because the request bypasses proper authorization checks, the attacker can view content that should be hidden. This is a confidentiality breach and is classified under CWE-200 – Information Exposure.

Affected Systems

Discourse mobile and web platform 2026.1.0‑latest to before 2026.1.3, 2026.2.0‑latest to before 2026.2.2, 2026.3.0‑latest to before 2026.3.0 are affected. Versions 2026.1.3, 2026.2.2, and 2026.3.0 contain the fix.

Risk and Exploitability

The CVSS base score of 4.3 indicates moderate severity. The vulnerability requires the user to be authenticated, which is a precondition that limits exploitability. No public exploit was published, and the vulnerability is not in the CISA KEV catalog. An attacker can likely trigger the vulnerability by sending a crafted onebox request through the web interface or API once authenticated.

Generated by OpenCVE AI on March 31, 2026 at 19:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Discourse to the patched versions: 2026.1.3, 2026.2.2, or 2026.3.0.

Generated by OpenCVE AI on March 31, 2026 at 19:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Discourse
Discourse discourse
Vendors & Products Discourse
Discourse discourse

Tue, 31 Mar 2026 18:00:00 +0000

Type Values Removed Values Added
Description Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated user can obtain shared draft topic titles by sending an inline onebox request with a category_id parameter matching the shared drafts category. This issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0.
Title Discourse: Authorization bypass in oneboxer via user-controlled category id
Weaknesses CWE-200
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

Discourse Discourse
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-31T17:41:20.559Z

Reserved: 2026-03-17T00:05:53.285Z

Link: CVE-2026-32951

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-03-31T18:16:51.530

Modified: 2026-03-31T18:16:51.530

Link: CVE-2026-32951

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-31T20:37:34Z

Weaknesses