Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the signup flow could allow newly registered users to set primary_group_id and gain whisper-group privileges without legitimate group membership on sites with whispers_allowed_groups configured. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Fri, 10 Jul 2026 01:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Discourse
Discourse discourse |
|
| Vendors & Products |
Discourse
Discourse discourse |
Thu, 09 Jul 2026 22:15:00 +0000
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-09T22:03:41.409Z
Reserved: 2026-05-07T19:20:44.691Z
Link: CVE-2026-44787
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-10T13:00:17Z
Weaknesses