CVE-2026-33251

Discourse has an authorization bypass vulnerability affecting hidden Solved topics. Before versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, unauthorized users could accept or unaccept solutions. A patch exists in 2026.3.0-latest.1, 2026.2.1, and 2026.1.2. Workaround: ensure only trusted users ...