CVE-2026-33300

N/A

Descricao

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authorization bypass in the Category Chatables Controller show action allowed moderators to get information on hidden groups names and user count. This issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0.

Detalhes CVE

Pontuacao CVSS v3.1N/A

Publicado3/31/2026

Ultima modificacao4/1/2026

Fontenvd

Avistamentos honeypot0

Fraquezas (CWE)

CWE-200

Referencias

https://github.com/discourse/discourse/commit/07f66658cce81a099a0d7115db5f3c69f5d3cca2(security-advisories@github.com)

https://github.com/discourse/discourse/security/advisories/GHSA-wrwm-vqx2-6x4v(security-advisories@github.com)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.