2 matches found
CVE-2026-28227
creationtimestamp| type| source ---|---|--- 2026-02-26 22:23:08+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mfsacdlvk32y...
CVE-2026-28227 Discourse Vulnerable to Unauthorized Topic Creation in Staff-Only Categories via Topic Timer publish_to_category
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, TL4 users can publish topics into staff-only categories via the publishtocategory topic timer, bypassing authorization checks. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known...