cvedb.io
CVE-2026-32143
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2026-03-31T18:16:49.560 · Last modified 2026-06-17T10:35:12.803

Summary

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, moderators could export CSV data for admin-restricted reports, bypassing the report visibility restrictions. This could expose sensitive operational data intended only for admins. This issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0.

Affected products

discourse — discourse

Does this affect you?

Add your gear to cvedb and we'll alert you only when discourse ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.