| ID |
CVE-2026-33424
|
| Sažetak |
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an attacker can grant access to a private message topic through invites even after they lose access to that PM. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available. |
| Reference |
|
| CVSS |
| Base: | 5.9 |
| Impact: | 5.5 |
| Exploitability: | 0.4 |
|
| Pristup |
| Vektor | Složenost | Autentikacija |
| ADJACENT_NETWORK |
HIGH |
HIGH |
|
| Impact |
| Povjerljivost | Cjelovitost | Dostupnost |
| HIGH |
HIGH |
LOW |
|
| CVSS vektor |
CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L |
| Zadnje važnije ažuriranje |
21-03-2026 - 00:16 |
| Objavljeno |
21-03-2026 - 00:16 |
