๐Ÿ” CVE Alert

CVE-2026-45788

UNKNOWN 0.0

Discourse: Secure uploads exposed by hotlinked image copying

CVSS Score
0.0
EPSS Score
0.5%
EPSS Percentile
37th

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, secure uploads could be exposed by pull_hotlinked_images when an attacker knew the secured upload URL and the secure_uploads site setting was enabled. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5.

CWE CWE-200
Vendor discourse
Product discourse
Published Jul 9, 2026
Last Updated Jul 10, 2026
Stay Ahead of the Next One

Get instant alerts for discourse discourse

Be the first to know when new unknown vulnerabilities affecting discourse discourse are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

discourse / discourse
>= 2026.1.0-latest, < 2026.1.5 >= 2026.4.0-latest, < 2026.4.2 >= 2026.5.0-latest, < 2026.5.1

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/discourse/discourse/security/advisories/GHSA-3876-w96v-8v38 github.com: https://github.com/discourse/discourse/commit/5807c426880eadf248006e851604fc9284327ce5 github.com: https://github.com/discourse/discourse/commit/8b4a959b251a856a9c911fb9f2ac34fbc31a7471 github.com: https://github.com/discourse/discourse/commit/eff53af26367ae0dcb3a426954d233e8c7449f95 github.com: https://github.com/discourse/discourse/commit/fa74e0dec7341a858ab83a1977fa52629bced1aa github.com: https://github.com/discourse/discourse/releases/tag/v2026.1.5 github.com: https://github.com/discourse/discourse/releases/tag/v2026.4.2 github.com: https://github.com/discourse/discourse/releases/tag/v2026.5.1 github.com: https://github.com/discourse/discourse/releases/tag/v2026.6.0