2 matches found
BIT-DISCOURSE-2026-32615 Discourse: Category group moderators can perform actions on topics in restricted categories without read access
Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.3, and 2026.2.0 to before 2026.2.2, category group moderators could perform privileged actions on topics inside private categories they did not have read access to. This issue has been patched in versions...
CVE-2026-26979
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, TL4 users are able to close, archive and pin topics in private categories they don't have access to. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available...