Back to CVE List

CVE-2026-49256

Vulnerability Description

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, restricted tag and tag-group names attached to publicly readable categories as allowed_tags, allowed_tag_groups, or required tag groups could leak to anonymous and unauthorized users through category and group endpoints. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-200
Source
NVD
Vendor
discourse
Product
discourse

External References

Discussion (0)

Add Comment

No comments yet. Be the first!