Path Traversal Vulnerability in Discourse Discussion Platform
CVE-2026-45775
6.8MEDIUM
What is CVE-2026-45775?
The vulnerability affects the Discourse open-source discussion platform, allowing an authenticated administrator on one site in a multisite setup to exploit backup handling. Through a crafted backup download request, an admin on Site A can gain unauthorized access to backup files belonging to Site B, compromising sensitive data if backups are stored locally. This issue has been addressed in updated versions: 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1.
Affected Version(s)
discourse >= 2026.1.0-latest, < 2026.1.4 < 2026.1.0-latest, 2026.1.4
discourse >= 2026.3.0-latest, < 2026.3.1 < 2026.3.0-latest, 2026.3.1
discourse >= 2026.4.0-latest, < 2026.4.1 < 2026.4.0-latest, 2026.4.1