CVE-2026-33074

Sažetak

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, a user may be able to purchase a lower tier subscription but grant themselves the benefits that comes along with a higher tier subscription. This issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0.

Reference

https://github.com/discourse/discourse/commit/c34f2aac8dcd1ae2886fa84256f607bc003f9d80
https://github.com/discourse/discourse/security/advisories/GHSA-9vg5-mp49-xghh

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

31-03-2026 - 18:16

Objavljeno

31-03-2026 - 18:16