CVE-2026-32244
MEDIUM
5,3
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: none
Availability: none
Description
AI Translation Available
Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in versions 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1. To work around this issue, restrict summary generation by tightening the allowed groups on the summarization Personas.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0003
Percentile
0,1th
Updated
EPSS Score Trend (Last 2 Days)
200
Exposure of Sensitive Information to an Unauthorized Actor
DraftCommon Consequences
Security Scopes Affected:
Confidentiality
Potential Impacts:
Read Application Data
Applicable Platforms
Technologies:
Not Technology-Specific, Web Based, Mobile
524
Use of Cache Containing Sensitive Information
IncompleteCommon Consequences
Security Scopes Affected:
Confidentiality
Potential Impacts:
Read Application Data
Applicable Platforms
All platforms may be affected
672
Operation on a Resource after Expiration or Release
DraftCommon Consequences
Security Scopes Affected:
Integrity
Confidentiality
Other
Availability
Potential Impacts:
Modify Application Data
Read Application Data
Other
Dos: Crash, Exit, Or Restart
Applicable Platforms
Technologies:
Mobile
https://github.com/discourse/discourse/security/advisories/GHSA-hjmg-2mww-vfvx