CVE-2026-32244

5.3 MEDIUM

Discourse is an open-source discussion platform

Published: 2026-05-19 · Last updated: 2026-06-01

Severity and scoring

CVSS: 5.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE: CWE-200, CWE-524, CWE-672

Affected products

Vendor	Product
discourse	discourse

Description

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in versions 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1. To work around this issue, restrict summary generation by tightening the allowed groups on the summarization Personas.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-32244
[Vendor advisory]https://github.com/discourse/discourse/security/advisories/GHSA-hjmg-2mww-vfvx

Related CVEs

Same vendor

CVE-2026-34154 — Discourse is an open-source discussion platform (5.3 MEDIUM)
CVE-2026-33514 — Discourse is an open-source discussion platform (4.3 MEDIUM)

Same CWE

CVE-2026-49219 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.5 MEDIUM)
CVE-2026-47165 — ImageMagick is free and open-source software used for editing and manipulating digital images (4.1 MEDIUM)
CVE-2026-48855 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh (ssh_sftpd module) allows File Discovery
CVE-2026-45329 — ESF-IDF is the Espressif Internet of Things (IOT) Development Framework (7.1 HIGH)
CVE-2026-36719 — An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows unauthenticated attackers to obtain ... (7.5 HIGH)