CVE-2026-33355

by Fred · 19/03/2026

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the `/private-posts` endpoint did not apply post-type visibility filtering, allowing regular PM participants to see whisper posts in PM topics they had access to. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available.

More information : https://github.com/discourse/discourse/commit/84e5865a279716c6866e8c0648d1d8b42320603c

CVE-2026-33355

Similar

Recent Posts

Categories

CVE-2026-33355

Share this:

Similar

Recent Posts

Categories

Tags