CVE-2026-30888

Published: Mar 20, 2026 Last Modified: Mar 20, 2026

ExploitDB:

Other exploit source:

Google Dorks:

LOW 2,2

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: high

User Interaction: none

Scope: unchanged

Confidentiality: low

Integrity: none

Availability: none

Description

AI Translation Available

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 allow a moderator to edit site policy documents (ToS, guidelines, privacy policy) that they are explicitly prohibited from modifying. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available.

269

Improper Privilege Management

Draft

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control

Potential Impacts:

Gain Privileges Or Assume Identity

Applicable Platforms

All platforms may be affected

Likelihood of Exploit: Medium

View CWE Details

https://github.com/discourse/discourse/security/advisories/…

https://github.com/discourse/discourse/security/advisories/GHSA-jj9p-p7m6-jq96

CVE-2026-30888

Description

Improper Privilege Management

Common Consequences

Applicable Platforms

Iscriviti alla newsletter