BIT-discourse-2026-32618

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/discourse/BIT-discourse-2026-32618.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-discourse-2026-32618

Aliases

CVE-2026-32618
GHSA-pc8p-w2m7-hgf3

Published

2026-04-07T08:43:55.159Z

Modified

2026-04-07T09:41:18.067833317Z

Summary

Discourse: Unauthorized channel membership inference via excluded_memberships_channel_id

Details

Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.3, and 2026.2.0 to before 2026.2.2, there is possible channel membership inference from chat user search without authorization. This issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0.

Database specific

{
    "severity": "Medium",
    "cpes": [
        "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*"
    ]
}

References

Affected packages

Bitnami / discourse

Package

Name: discourse
Purl: pkg:bitnami/discourse

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

2026.1.0

Fixed

2026.1.3

Introduced

2026.2.0

Fixed

2026.2.2

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/discourse/BIT-discourse-2026-32618.json"