Information Leakage in Discourse Discussion Platform
CVE-2026-49256
6.3MEDIUM
What is CVE-2026-49256?
The Discourse discussion platform has a vulnerability that allows sensitive tag and tag-group names, linked to publicly readable categories, to be exposed to unauthorized and anonymous users via category and group endpoints. This issue affects versions prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, and has been resolved in these later updates.
Affected Version(s)
discourse >= 2026.1.0-latest, < 2026.1.5 < 2026.1.0-latest, 2026.1.5
discourse >= 2026.4.0-latest, < 2026.4.2 < 2026.4.0-latest, 2026.4.2
discourse >= 2026.5.0-latest, < 2026.5.1 < 2026.5.0-latest, 2026.5.1