CVE-2026-33410
Summary: CVE-2026-33410 affects Discourse before patches 2026.3.0-latest.1, 2026.2.1, and 2026.1.2. There are two authorization issues in the chat direct message API. First, during direct message channel creation or when adding users, the target_groups parameter is passed directly to the user res...