QSearchQSearch

CVE-2021-41163

10.0 CRITICAL

Discourse is an open source platform for community discussion

Published: 2021-10-20 · Last updated: 2026-06-17

Severity and scoring

CVSS
10.0 CRITICAL
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE
CWE-74

Affected products

VendorProduct
discoursediscourse

Description

Discourse is an open source platform for community discussion. In affected versions maliciously crafted requests could lead to remote code execution. This resulted from a lack of validation in subscribe_url values. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. To workaround the issue without updating, requests with a path starting /webhooks/aws path could be blocked at an upstream proxy.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-34154 Discourse is an open-source discussion platform (5.3 MEDIUM)
  • CVE-2026-33514 Discourse is an open-source discussion platform (4.3 MEDIUM)
  • CVE-2026-32244 Discourse is an open-source discussion platform (5.3 MEDIUM)
  • CVE-2021-41140 Discourse-reactions is a plugin for the Discourse platform that allows user to add their reactions to the post (5.3 MEDIUM)
  • CVE-2021-41095 Discourse is an open source discussion platform (4.2 MEDIUM)

Same CWE

  • CVE-2026-12223 A vulnerability was identified in Yealink SIP-T46U 108.86.0.118 (5.5 MEDIUM)
  • CVE-2026-12219 A flaw has been found in Yealink SIP-T46U 108.86.0.118 (6.3 MEDIUM)
  • CVE-2026-12206 A vulnerability was identified in Grit42 Grit up to 0.11.0 (6.3 MEDIUM)
  • CVE-2026-12197 A security flaw has been discovered in Ruijie EG105G-P 2.340 (7.2 HIGH)
  • CVE-2026-12188 A vulnerability was detected in Grit42 Grit up to 0.11.0 (6.3 MEDIUM)