4 matches found
BIT-DISCOURSE-2026-29072 Discourse missing permission check for policy creation in discourse-policy
Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, users who do not belong to the allowed policy creation groups can create functional policy acceptance widgets in posts under the right conditions. Versions 2026.3.0, 2026.2.1, and 2026.1.2 contain...
CVE-2026-29072
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users who do not belong to the allowed policy creation groups can create functional policy acceptance widgets in posts under the right conditions. Versions 2026.3.0-latest.1, 2026.2.1, an...
CVE-2026-29072
CVE-2026-29072 affects Discourse prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, where users not in the allowed policy creation groups could create functional policy acceptance widgets in posts under certain conditions. The root cause is a flaw in policy widget creation permissions that allow...
PT-2026-26379
Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.3.0-latest.1 Discourse versions prior to 2026.2.1 Discourse versions prior to 2026.1.2 Description Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2,...