BIT-DISCOURSE-2025-68660 Discourse AI Discover's continue conversation allows threat actor to impersonate user

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, an endpoint lets any authenticated user bypass the aidiscoverpersona access controls and gain ongoing DM access to personas that may be wired to staff-only categories, RAG document set...

CVE-2025-68660

Affected product/versions: Discourse prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. Vulnerability: An endpoint allows any authenticated user to bypass the ai_discover_persona access controls and gain ongoing DM access to personas, potentially wired to staff-only categories, RAG documents, or...