🚨 CVE-2026-53407
Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access.
🎖@cveNotify
Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access.
🎖@cveNotify
Zoom
ZSB-26010
🚨 CVE-2026-53408
Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access.
🎖@cveNotify
Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access.
🎖@cveNotify
Zoom
ZSB-26010
🚨 CVE-2026-53724
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.79 and 9.9.1-alpha.4, the default file upload extension blocklist can be bypassed by appending a trailing dot to a filename whose extension would otherwise be blocked (e.g. poc.svg.). The trailing dot causes the extension parser to extract an empty string, which short-circuits the blocklist check, and the attacker-controlled Content-Type is forwarded to the storage adapter unchanged. Storage adapters that persist and serve the provided Content-Type (such as S3 or GCS) then serve the file with an active type such as image/svg+xml, enabling stored XSS when a victim opens the file URL. The default GridFS adapter is not affected because it sets X-Content-Type-Options: nosniff on responses. This issue has been patched in versions 8.6.79 and 9.9.1-alpha.4.
🎖@cveNotify
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.79 and 9.9.1-alpha.4, the default file upload extension blocklist can be bypassed by appending a trailing dot to a filename whose extension would otherwise be blocked (e.g. poc.svg.). The trailing dot causes the extension parser to extract an empty string, which short-circuits the blocklist check, and the attacker-controlled Content-Type is forwarded to the storage adapter unchanged. Storage adapters that persist and serve the provided Content-Type (such as S3 or GCS) then serve the file with an active type such as image/svg+xml, enabling stored XSS when a victim opens the file URL. The default GridFS adapter is not affected because it sets X-Content-Type-Options: nosniff on responses. This issue has been patched in versions 8.6.79 and 9.9.1-alpha.4.
🎖@cveNotify
GitHub
fix: Stored XSS via trailing-dot filename bypassing file upload extension blocklist (GHSA-7wqv-xjf3-x35v) by mtrezza · Pull Request…
Issue
Stored XSS via trailing-dot filename bypassing file upload extension blocklist (GHSA-7wqv-xjf3-x35v)
Tasks
Add tests
Add changes to documentation (guides, repository pages, in-code descrip...
Stored XSS via trailing-dot filename bypassing file upload extension blocklist (GHSA-7wqv-xjf3-x35v)
Tasks
Add tests
Add changes to documentation (guides, repository pages, in-code descrip...
🚨 CVE-2026-53725
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.8.0 to before version 9.9.1-alpha.5, apps that enable MFA and deny get on the _User class via Class-Level Permissions could expose sensitive user data through the /login and /verifyPassword endpoints. These endpoints re-fetch the user through the access-controlled query pipeline (CLP, protectedFields, auth-adapter sanitizers) before responding. When that re-fetch was denied by the _User get permission, the server fell back to the raw database row, exposing raw authData (including MFA TOTP secrets and recovery codes) and fields hidden by protectedFields (when protectedFieldsOwnerExempt is false). /verifyPassword is the most severe: with only a username and password (no session or MFA token), an attacker who knows a victim's password could retrieve their MFA secret and recovery codes, defeating the second factor. This issue has been patched in version 9.9.1-alpha.5.
🎖@cveNotify
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.8.0 to before version 9.9.1-alpha.5, apps that enable MFA and deny get on the _User class via Class-Level Permissions could expose sensitive user data through the /login and /verifyPassword endpoints. These endpoints re-fetch the user through the access-controlled query pipeline (CLP, protectedFields, auth-adapter sanitizers) before responding. When that re-fetch was denied by the _User get permission, the server fell back to the raw database row, exposing raw authData (including MFA TOTP secrets and recovery codes) and fields hidden by protectedFields (when protectedFieldsOwnerExempt is false). /verifyPassword is the most severe: with only a username and password (no session or MFA token), an attacker who knows a victim's password could retrieve their MFA secret and recovery codes, defeating the second factor. This issue has been patched in version 9.9.1-alpha.5.
🎖@cveNotify
GitHub
fix: Endpoints `/login` and `/verifyPassword` disclose MFA secrets and protected fields when `_User` get is denied (GHSA-75v4-m273…
Issue
Endpoints /login and /verifyPassword disclose MFA secrets and protected fields when _User get is denied (GHSA-75v4-m273-5j49)
Tasks
Add tests
Endpoints /login and /verifyPassword disclose MFA secrets and protected fields when _User get is denied (GHSA-75v4-m273-5j49)
Tasks
Add tests
🚨 CVE-2026-53726
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.80 and 9.9.1-alpha.6, a relation query using the $relatedTo operator could read the membership of a Relation field even when that field was hidden from the requesting client by protectedFields, and even when the object owning the relation was not readable by the client under its ACL or class-level permissions. The request requires only the public API credentials that Parse clients normally carry — no user session, master key, or Cloud Code is needed. As a result, an unauthenticated client who knows or obtains the owning object's objectId could enumerate the objects linked through a protected relation, or combine the operator with an objectId constraint to use it as a membership oracle — confirming whether a specific object is linked to a private parent. This affects applications that rely on protectedFields or object ACLs to keep Relation membership confidential, such as private group memberships, block lists, or account-to-resource associations. This issue has been patched in versions 8.6.80 and 9.9.1-alpha.6.
🎖@cveNotify
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.80 and 9.9.1-alpha.6, a relation query using the $relatedTo operator could read the membership of a Relation field even when that field was hidden from the requesting client by protectedFields, and even when the object owning the relation was not readable by the client under its ACL or class-level permissions. The request requires only the public API credentials that Parse clients normally carry — no user session, master key, or Cloud Code is needed. As a result, an unauthenticated client who knows or obtains the owning object's objectId could enumerate the objects linked through a protected relation, or combine the operator with an objectId constraint to use it as a membership oracle — confirming whether a specific object is linked to a private parent. This affects applications that rely on protectedFields or object ACLs to keep Relation membership confidential, such as private group memberships, block lists, or account-to-resource associations. This issue has been patched in versions 8.6.80 and 9.9.1-alpha.6.
🎖@cveNotify
GitHub
fix: Relation `$relatedTo` query bypasses `protectedFields` and owning-object ACL (GHSA-wmwx-jr2p-4j4r) by mtrezza · Pull Request…
Issue
Relation $relatedTo query bypasses protectedFields and owning-object ACL (GHSA-wmwx-jr2p-4j4r)
Tasks
Add tests
Add changes to documentation (guides, repository pages, code comments)
Summ...
Relation $relatedTo query bypasses protectedFields and owning-object ACL (GHSA-wmwx-jr2p-4j4r)
Tasks
Add tests
Add changes to documentation (guides, repository pages, code comments)
Summ...
🚨 CVE-2026-42850
Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special escape code will make kitty return an error, this error is not escaped and will be correctly echoed back to the terminal with CRLF, as such it will be run by the shell in use. To exploit this bug, the victim must use a netcat or a similar program to connect to the attacker, or else listening for someone to connect. Once this condition is set, an attacker could pwn the computer of the victim using a special kitty's escape code that will run a command in the shell in use. Version 04.7.0 fixes the issue.
🎖@cveNotify
Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special escape code will make kitty return an error, this error is not escaped and will be correctly echoed back to the terminal with CRLF, as such it will be run by the shell in use. To exploit this bug, the victim must use a netcat or a similar program to connect to the attacker, or else listening for someone to connect. Once this condition is set, an attacker could pwn the computer of the victim using a special kitty's escape code that will run a command in the shell in use. Version 04.7.0 fixes the issue.
🎖@cveNotify
GitHub
Shell command injection
Hey ! I hope you are doing well, I think I found a vulnerability in kitty. Thanks for the tools you have made by the way.
### Condition
To exploit this bug, the victim must use a netcat or a si...
### Condition
To exploit this bug, the victim must use a netcat or a si...
🚨 CVE-2026-47260
Koel is a free, open-source music streaming solution. Prior to version 9.3.5, Koel validates the podcast feed URL via the SafeUrl rule (DNS resolution + public IP check), but the individual episode <enclosure url="..."> values extracted from the RSS XML are stored directly into the database without any SSRF validation. When a user plays an episode, the server downloads the full HTTP response from the unvalidated enclosure URL via Http::sink()->get() and streams it back to the user, enabling full-read SSRF against internal services. This issue has been patched in version 9.3.5.
🎖@cveNotify
Koel is a free, open-source music streaming solution. Prior to version 9.3.5, Koel validates the podcast feed URL via the SafeUrl rule (DNS resolution + public IP check), but the individual episode <enclosure url="..."> values extracted from the RSS XML are stored directly into the database without any SSRF validation. When a user plays an episode, the server downloads the full HTTP response from the unvalidated enclosure URL via Http::sink()->get() and streams it back to the user, enabling full-read SSRF against internal services. This issue has been patched in version 9.3.5.
🎖@cveNotify
GitHub
fix: validate URLs at podcast sync, playback, and radio AI tool (GHSA… · koel/koel@8708f07
…-7j2f-6h2r-6cqc) (#2485)
🚨 CVE-2026-50287
AgenticMail gives AI agents real email addresses and phone numbers. Prior to version 0.9.27, @agenticmail/mcp exposes a Streamable HTTP transport when started with --http or MCP_HTTP=1. In that mode, the /mcp endpoint accepts requests without any HTTP authentication layer. A remote client can initialize a session and call tools directly. This issue has been patched in version 0.9.27.
🎖@cveNotify
AgenticMail gives AI agents real email addresses and phone numbers. Prior to version 0.9.27, @agenticmail/mcp exposes a Streamable HTTP transport when started with --http or MCP_HTTP=1. In that mode, the /mcp endpoint accepts requests without any HTTP authentication layer. A remote client can initialize a session and call tools directly. This issue has been patched in version 0.9.27.
🎖@cveNotify
GitHub
Missing Authentication for Critical Function in @agenticmail/mcp
# AgenticMail MCP HTTP authorization bypass
## Summary
`@agenticmail/mcp` exposes a Streamable HTTP transport when started with
`--http` or `MCP_HTTP=1`. In that mode, the `/mcp` endpoint ac...
## Summary
`@agenticmail/mcp` exposes a Streamable HTTP transport when started with
`--http` or `MCP_HTTP=1`. In that mode, the `/mcp` endpoint ac...
🚨 CVE-2026-54055
Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transmission protocol where a child process running in the terminal can write to arbitrary files on the filesystem by exploiting a TOCTOU (Time-of-Check-Time-of-Use) race condition between symlink validation and file creation. The `os.open()` call used to create files does not use `O_NOFOLLOW`, allowing an attacker to create a symlink between the initial stat check and the actual file open, causing the write to follow the symlink to an arbitrary destination. Version 0.47.2 fixes the issue.
🎖@cveNotify
Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transmission protocol where a child process running in the terminal can write to arbitrary files on the filesystem by exploiting a TOCTOU (Time-of-Check-Time-of-Use) race condition between symlink validation and file creation. The `os.open()` call used to create files does not use `O_NOFOLLOW`, allowing an attacker to create a symlink between the initial stat check and the actual file open, causing the write to follow the symlink to an arbitrary destination. Version 0.47.2 fixes the issue.
🎖@cveNotify
GitHub
Arbitrary File Write via Symlink Race Condition in File Transmission Protocol
### Summary
A vulnerability exists in kitty's file transmission protocol where a child process running in the terminal can bypass the transfer confirmation prompt and write to a file the user ...
A vulnerability exists in kitty's file transmission protocol where a child process running in the terminal can bypass the transfer confirmation prompt and write to a file the user ...
🚨 CVE-2026-54357
An improper authorization vulnerability in MISP allowed an authenticated organization administrator to access or modify user settings belonging to site administrator accounts within the same organization. The affected access-control checks scoped administrative actions by organization membership but did not exclude higher-privileged site administrator users. As a result, an organization administrator could potentially view or alter site administrator user settings and related login profile information, crossing the intended privilege boundary between organization administration and site-wide administration.
The patch hardens the ACL logic by excluding site administrator accounts from organization administrator–managed user sets, adding explicit authorization failure when a target user is not administrable, and ensuring user setting and login profile operations fail closed.
🎖@cveNotify
An improper authorization vulnerability in MISP allowed an authenticated organization administrator to access or modify user settings belonging to site administrator accounts within the same organization. The affected access-control checks scoped administrative actions by organization membership but did not exclude higher-privileged site administrator users. As a result, an organization administrator could potentially view or alter site administrator user settings and related login profile information, crossing the intended privilege boundary between organization administration and site-wide administration.
The patch hardens the ACL logic by excluding site administrator accounts from organization administrator–managed user sets, adding explicit authorization failure when a target user is not administrable, and ensuring user setting and login profile operations fail closed.
🎖@cveNotify
GitHub
fix: [security] fixes to the user setting change ACL · MISP/MISP@ed3d9b8
- prevent unauthorised editing of user settings
- as reported by HE WEI(ギカク)
- as reported by HE WEI(ギカク)
🚨 CVE-2026-54358
An incorrect authorization vulnerability in MISP allows an organization administrator to target site administrator accounts belonging to the same organization through the administrative email functionality. The affected code restricted organization administrators to users within their own organization, but did not exclude accounts assigned a site administrator role from recipient queries. As a result, an organization administrator could perform privileged account-management actions, such as initiating a password reset workflow, against a higher-privileged site administrator account in the same organization.
Successful exploitation may allow an authenticated organization administrator to interfere with or potentially take over a site administrator account, resulting in privilege escalation and full compromise of the MISP instance’s confidentiality, integrity, and availability.
Attack prerequisites:
The attacker must be authenticated as an organization administrator in the same organization as a site administrator account.
🎖@cveNotify
An incorrect authorization vulnerability in MISP allows an organization administrator to target site administrator accounts belonging to the same organization through the administrative email functionality. The affected code restricted organization administrators to users within their own organization, but did not exclude accounts assigned a site administrator role from recipient queries. As a result, an organization administrator could perform privileged account-management actions, such as initiating a password reset workflow, against a higher-privileged site administrator account in the same organization.
Successful exploitation may allow an authenticated organization administrator to interfere with or potentially take over a site administrator account, resulting in privilege escalation and full compromise of the MISP instance’s confidentiality, integrity, and availability.
Attack prerequisites:
The attacker must be authenticated as an organization administrator in the same organization as a site administrator account.
🎖@cveNotify
GitHub
fix: [security] site admin e-mail reset by same org org admin blocked · MISP/MISP@1467954
- Org admins should not be able to modify site admin accounts
- as reported by:
Name: HE WEI
GitHub: https://github.com/hewei-gikaku
LinkedIn: https://www.linkedin.com/in/gikaku/
- as reported by:
Name: HE WEI
GitHub: https://github.com/hewei-gikaku
LinkedIn: https://www.linkedin.com/in/gikaku/
🚨 CVE-2026-54359
MISP contains an insecure default configuration in which the Security.check_sec_fetch_site_header control is disabled. When this setting is disabled, state-changing requests such as POST, PUT, or AJAX requests are not restricted based on the browser-provided Sec-Fetch-Site header. A remote unauthenticated attacker could craft a malicious web page that causes an authenticated MISP user’s browser to issue cross-site requests to MISP automation endpoints. If successful, the forged requests may be processed with the privileges of the victim user, potentially allowing unauthorized modification of MISP data or configuration. Enabling Security.check_sec_fetch_site_header mitigates this issue, although operators of multi-homed MISP deployments should validate the setting before enforcing it.
🎖@cveNotify
MISP contains an insecure default configuration in which the Security.check_sec_fetch_site_header control is disabled. When this setting is disabled, state-changing requests such as POST, PUT, or AJAX requests are not restricted based on the browser-provided Sec-Fetch-Site header. A remote unauthenticated attacker could craft a malicious web page that causes an authenticated MISP user’s browser to issue cross-site requests to MISP automation endpoints. If successful, the forged requests may be processed with the privileges of the victim user, potentially allowing unauthorized modification of MISP data or configuration. Enabling Security.check_sec_fetch_site_header mitigates this issue, although operators of multi-homed MISP deployments should validate the setting before enforcing it.
🎖@cveNotify
GitHub
chg: [security] warn admins of a dangerous default setting that shoul… · MISP/MISP@b82db1b
…d be hardened
- check_sec_fetch_site_header should warn users if not set of the dangers, whilst also hinting at the damaging aspect on multi home instances
- as reported by José Pedro Moço (jped...
- check_sec_fetch_site_header should warn users if not set of the dangers, whilst also hinting at the damaging aspect on multi home instances
- as reported by José Pedro Moço (jped...
🚨 CVE-2026-54360
A mass assignment vulnerability exists in MISP’s sharing group creation endpoint. When creating a new sharing group, the controller did not remove a user-supplied id field before saving the submitted data. In CakePHP, supplying a primary key in the save data can cause a create() followed by save() operation to update an existing record instead of creating a new one.
An authenticated user with permission to add sharing groups could therefore submit the identifier of an existing sharing group and modify that sharing group without passing the normal edit access-control checks. This may allow the attacker to take over or alter sharing groups they do not otherwise have access to, potentially affecting the confidentiality and integrity of information shared through those groups.
Affected component:
app/Controller/SharingGroupsController.php, add() action
🎖@cveNotify
A mass assignment vulnerability exists in MISP’s sharing group creation endpoint. When creating a new sharing group, the controller did not remove a user-supplied id field before saving the submitted data. In CakePHP, supplying a primary key in the save data can cause a create() followed by save() operation to update an existing record instead of creating a new one.
An authenticated user with permission to add sharing groups could therefore submit the identifier of an existing sharing group and modify that sharing group without passing the normal edit access-control checks. This may allow the attacker to take over or alter sharing groups they do not otherwise have access to, potentially affecting the confidentiality and integrity of information shared through those groups.
Affected component:
app/Controller/SharingGroupsController.php, add() action
🎖@cveNotify
GitHub
fix: [security] sharing groups mass assignment fix in add · MISP/MISP@687e7cb
- as reported by Jeroen Pinoy
🚨 CVE-2026-54361
MISP contained multiple mass assignment vulnerabilities in the handling of collections, tag collections, event delegations, and shadow attributes. Several controller actions accepted user-supplied fields that should have remained server-controlled, including record identifiers and ownership-related fields such as id, org_id, orgc_id, and user_id.
An authenticated attacker with access to the affected endpoints could craft requests containing protected fields in order to alter object ownership, redirect an update to another record, overwrite existing event delegation requests, or modify shadow attribute proposals belonging to another organization. This could result in unauthorized modification of MISP objects and, depending on object visibility and sharing configuration, unauthorized access to or transfer of sensitive threat intelligence data.
The issue was fixed by explicitly pinning ownership and identity fields to their stored values during edit operations and by removing user-supplied primary keys from create-only save paths.
Affected components:
* CollectionsController::edit()
* EventDelegationsController::delegateEvent()
* ShadowAttributesController::edit()
* TagCollectionsController::edit()915
* TagCollectionsController::editWithTags()
Attack requirements:
The attacker must be authenticated and able to reach the affected MISP endpoints. No user interaction is required.
🎖@cveNotify
MISP contained multiple mass assignment vulnerabilities in the handling of collections, tag collections, event delegations, and shadow attributes. Several controller actions accepted user-supplied fields that should have remained server-controlled, including record identifiers and ownership-related fields such as id, org_id, orgc_id, and user_id.
An authenticated attacker with access to the affected endpoints could craft requests containing protected fields in order to alter object ownership, redirect an update to another record, overwrite existing event delegation requests, or modify shadow attribute proposals belonging to another organization. This could result in unauthorized modification of MISP objects and, depending on object visibility and sharing configuration, unauthorized access to or transfer of sensitive threat intelligence data.
The issue was fixed by explicitly pinning ownership and identity fields to their stored values during edit operations and by removing user-supplied primary keys from create-only save paths.
Affected components:
* CollectionsController::edit()
* EventDelegationsController::delegateEvent()
* ShadowAttributesController::edit()
* TagCollectionsController::edit()915
* TagCollectionsController::editWithTags()
Attack requirements:
The attacker must be authenticated and able to reach the affected MISP endpoints. No user interaction is required.
🎖@cveNotify
GitHub
fix: [security] multiple mass assignment vulnerabilities fixed · MISP/MISP@9341690
- as reported by Jeroen Pinoy
🚨 CVE-2026-12129
A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/add_tod of the component Dashboard Interface. The manipulation of the argument todo_data leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and might be used.
🎖@cveNotify
A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/add_tod of the component Dashboard Interface. The manipulation of the argument todo_data leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and might be used.
🎖@cveNotify
🚨 CVE-2026-24618
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HashThemes Hash Elements allows Retrieve Embedded Sensitive Data.
This issue affects Hash Elements: from n/a through 1.5.4.
🎖@cveNotify
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HashThemes Hash Elements allows Retrieve Embedded Sensitive Data.
This issue affects Hash Elements: from n/a through 1.5.4.
🎖@cveNotify
Patchstack
Sensitive Data Exposure in WordPress Hash Elements Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-42853
ApostropheCMS is an open-source Node.js content management system. Versions of the @apostrophecms/cli package up to and including 3.6.0 contain a command injection vulnerability in the apos create command. User-supplied input from the password prompt is embedded directly into a shell command without proper sanitization or escaping. This allows execution of arbitrary commands on the host system. As of time of publication, no known patched versions are available.
🎖@cveNotify
ApostropheCMS is an open-source Node.js content management system. Versions of the @apostrophecms/cli package up to and including 3.6.0 contain a command injection vulnerability in the apos create command. User-supplied input from the password prompt is embedded directly into a shell command without proper sanitization or escaping. This allows execution of arbitrary commands on the host system. As of time of publication, no known patched versions are available.
🎖@cveNotify
GitHub
Command Injection in apos create via Unsanitized Password Input (CWE-78)
Summary
The @apostrophecms/cli package contains a command injection vulnerability in the apos create command.
User-supplied input from the password prompt is embedded directly into a shell comm...
The @apostrophecms/cli package contains a command injection vulnerability in the apos create command.
User-supplied input from the password prompt is embedded directly into a shell comm...
🚨 CVE-2026-44779
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, bot debug endpoints disclose whisper translation audit logs. This issue has been patched in versions 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1.
🎖@cveNotify
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, bot debug endpoints disclose whisper translation audit logs. This issue has been patched in versions 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1.
🎖@cveNotify
GitHub
Bot debug endpoints disclose whisper translation audit logs
### Impact
Users with access to AI debug audit logs (by default nobody)
### Workarounds
Only allow admins access to AI debug audit logs
Users with access to AI debug audit logs (by default nobody)
### Workarounds
Only allow admins access to AI debug audit logs
🚨 CVE-2026-44780
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, ReviewableQueuedPostSerializer unconditionally included payload["raw_email"] for posts that arrived via incoming email. Category moderation group members reaching the review queue could therefore read the full inbound email source (headers, sender trace, MUA, body) without being in view_raw_email_allowed_groups — the trust boundary that gates the dedicated raw-email endpoint. This issue has been patched in versions 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1.
🎖@cveNotify
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, ReviewableQueuedPostSerializer unconditionally included payload["raw_email"] for posts that arrived via incoming email. Category moderation group members reaching the review queue could therefore read the full inbound email source (headers, sender trace, MUA, body) without being in view_raw_email_allowed_groups — the trust boundary that gates the dedicated raw-email endpoint. This issue has been patched in versions 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1.
🎖@cveNotify
GitHub
Category queue reviewers can read raw incoming emails from queued posts
### Impact
`ReviewableQueuedPostSerializer` unconditionally included `payload["raw_email"]` for posts that arrived via incoming email. Category moderation group members reaching the revi...
`ReviewableQueuedPostSerializer` unconditionally included `payload["raw_email"]` for posts that arrived via incoming email. Category moderation group members reaching the revi...
🚨 CVE-2026-44782
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, GroupPostSerializer declared include_user_long_name? as the predicate for its :name attribute, but AMS looks for include_name?. The misnamed predicate was never called, so object.user.name was always serialized regardless of SiteSetting.enable_names. This issue has been patched in versions 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1.
🎖@cveNotify
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, GroupPostSerializer declared include_user_long_name? as the predicate for its :name attribute, but AMS looks for include_name?. The misnamed predicate was never called, so object.user.name was always serialized regardless of SiteSetting.enable_names. This issue has been patched in versions 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1.
🎖@cveNotify
GitHub
GroupPostSerializer leaks hidden full names through reaction post association
### Impact
GroupPostSerializer declared include_user_long_name? as the predicate
for its :name attribute, but AMS looks for include_name?. The misnamed
predicate was never called, so objec...
GroupPostSerializer declared include_user_long_name? as the predicate
for its :name attribute, but AMS looks for include_name?. The misnamed
predicate was never called, so objec...
🚨 CVE-2026-44783
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, a flaw in how replies to whisper posts are handled allows authenticated users outside the groups configured in whispers_allowed_groups to post into a topic's staff-only whisper channel. The injected content is visible to whisperers (typically staff) alongside legitimate whispers. Only sites that have whispers enabled are affected. This issue has been patched in versions 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1.
🎖@cveNotify
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, a flaw in how replies to whisper posts are handled allows authenticated users outside the groups configured in whispers_allowed_groups to post into a topic's staff-only whisper channel. The injected content is visible to whisperers (typically staff) alongside legitimate whispers. Only sites that have whispers enabled are affected. This issue has been patched in versions 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1.
🎖@cveNotify
GitHub
Replying to a whisper lets non-whisperers create staff-only whisper posts
### Impact
A flaw in how replies to whisper posts are handled allows authenticated users outside the groups configured in `whispers_allowed_groups` to post into a topic's staff-only whisper ...
A flaw in how replies to whisper posts are handled allows authenticated users outside the groups configured in `whispers_allowed_groups` to post into a topic's staff-only whisper ...