2 matches found
CVE-2026-28218
creationtimestamp| type| source ---|---|--- 2026-02-26 22:26:13+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mfsahuhdrx2v...
CVE-2026-28218 Discourse's Fail-Open Access Control in Data Explorer Plugin Allows Unauthorized SQL Query Execution
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, fail-open access control in Data Explorer plugin allows any authenticated user to execute SQL queries that have no explicit group assignments, including built-in system queries. Versions 2025.12....