CVE-2026-49256
Discourse (open-source discussion platform) contains a vulnerability where restricted tag and tag-group names attached to publicly readable categories could leak to anonymous/unauthorized users via category and group endpoints. Affected releases prior to fixes include 2026.6.0, 2026.5.1, 2026.4.2...