216.73.217.98

CVE-2026-49256

· Published 10/07/2026 00:17 · Author: The MITRE Corporation

Labels: CVE-2026-49256

Essential information

Published
10/07/2026 00:17
Modified
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
6.3 MEDIUM (v4.0)
CISA KEV
No
CWE
CWE-200
CVSS vector

CVSS metrics

Description

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, restricted tag and tag-group names attached to publicly readable categories as allowed_tags, allowed_tag_groups, or required tag groups could leak to anonymous and unauthorized users through category and group endpoints. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5.

NVD status

NVD
View on NVD