Lucene search
K

5 matches found

OSV
OSV
added 2026/03/03 1:29 p.m.3 views

BIT-DISCOURSE-2026-28219 Privilege Escalation via Mass Assignment Allows Regular Users to Set Topics as Global Banners

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an improper authorization check in the topic management logic allows authenticated users to modify privileged attributes of their topics. By manipulating specific parameters in a PUT or POST...

5.3CVSS5.9AI score0.00197EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/26 9:25 p.m.2 views

CVE-2026-28219 Privilege Escalation via Mass Assignment Allows Regular Users to Set Topics as Global Banners

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an improper authorization check in the topic management logic allows authenticated users to modify privileged attributes of their topics. By manipulating specific parameters in a PUT or POST...

5.3CVSS5.9AI score0.00197EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/26 9:25 p.m.21 views

CVE-2026-28219 Privilege Escalation via Mass Assignment Allows Regular Users to Set Topics as Global Banners

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an improper authorization check in the topic management logic allows authenticated users to modify privileged attributes of their topics. By manipulating specific parameters in a PUT or POST...

5.3CVSS0.00197EPSS
Exploits0References1
OSV
OSV
added 2026/02/26 9:25 p.m.6 views

CVE-2026-28219 Privilege Escalation via Mass Assignment Allows Regular Users to Set Topics as Global Banners

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an improper authorization check in the topic management logic allows authenticated users to modify privileged attributes of their topics. By manipulating specific parameters in a PUT or POST...

5.3CVSS5.9AI score0.00197EPSS
Exploits0References3
CVE
CVE
added 2026/02/26 9:25 p.m.24 views

CVE-2026-28219

Product/Component: Discourse open source platform. Vulnerability: Improper authorization check in topic management lets authenticated users alter privileged topic attributes via PUT/POST, elevating a topic’s status to a site-wide notice or banner. Affected versions: before 2025.12.2, 2026.1.1, an...

5.3CVSS5.3AI score0.00197EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder