CVE-2026-26979
Discourse: TL4 users are able to change status of restricted topics
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, TL4 users are able to close, archive and pin topics in private categories they don't have access to. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available.
| CWE | CWE-862 |
| Vendor | discourse |
| Product | discourse |
| Published | Feb 26, 2026 |
| Last Updated | Feb 26, 2026 |
Stay Ahead of the Next One
Get instant alerts for discourse discourse
Be the first to know when new unknown vulnerabilities affecting discourse discourse are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
discourse / discourse
< 2025.12.2 >= 2026.1.0-latest, < 2026.1.1 >= 2026.2.0-latest, < 2026.2.0