CVE-2026-27454— Discourse has check revision visibility on posts endpoint
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-27454
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Discourse has check revision visibility on posts endpoint
Source: NVD (National Vulnerability Database)
Vulnerability Description
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, requesting /posts/:id.json?version=X bypassed authorization checks on post revisions. The display_post method called post.revert_to directly without verifying whether the revision was hidden or if the user had permission to view edit history. This meant hidden revisions (intentionally concealed by staff) could be read by any user by simply enumerating version numbers. Starting in versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, Discourse looks up the PostRevision and call guardian.ensure_can_see! before reverting, consistent with how the /posts/:id/revisions/:revision endpoint already authorizes access. No known workarounds are available.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
Discourse 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Discourse是Discourse开源的一套开源的社区讨论平台。该平台包括社区、电子邮件和聊天室等功能。 Discourse 2026.3.0-latest.1之前版本、2026.2.1之前版本和2026.1.2之前版本存在安全漏洞,该漏洞源于请求/posts/:id.json?version=X时绕过帖子修订的授权检查,可能导致隐藏的修订被任意用户读取。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-27454
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-27454
请登录查看更多情报信息。
Same Patch Batch · discourse · 2026-03-19 · 17 CVEs total
| CVE-2026-33355 | 6.5 MEDIUM | Discourse filters whisper posts from private-posts feed |
| CVE-2026-33410 | 5.4 MEDIUM | Discourse hardens chat DM channel creation and expansion |
| CVE-2026-33395 | 4.4 MEDIUM | Discourse has stored click‑based XSS via Graphviz SVG javascript: links |
| CVE-2026-32099 | 4.3 MEDIUM | Discourse prevents hidden profile data leak via user onebox |
| CVE-2026-33393 | 4.3 MEDIUM | Discourse fixes loose hostname matching in spam host allowlist |
| CVE-2026-27166 | 4.1 MEDIUM | Discourse vulnerable to HTML injection via prohibited iframe URLs |
| CVE-2026-33394 | 2.7 LOW | Discourse leaks PM post edits to moderators |
| CVE-2026-33408 | 2.2 LOW | Discourse has Improper Authorization in "Post Edits" Report For Moderators |
| CVE-2026-27491 | Discourse has a bypass of official warnings messages by non-staff users | |
| CVE-2026-27570 | Discourse Vulnerable to Stored XSS via Shared AI Conversation Onebox | |
| CVE-2026-27740 | Discourse has Stored XSS in AI Triage Automation | |
| CVE-2026-27934 | Discourse leaks private topic title and post excerpt via user action API endpoint | |
| CVE-2026-27935 | Discourse leaks private topic metadata to non-authorized users | |
| CVE-2026-27936 | Discourse discloses restricted post-action counts to non-privileged users | |
| CVE-2026-29072 | Discourse missing permission check for policy creation in discourse-policy | |
| CVE-2026-28282 | Discourse vulnerable to group membership addition permission bypass via discourse-policy p |
IV. Related Vulnerabilities
Same product: discourse
- CVE-2026-34947
Discourse: Staged user custom fields are exposed on public i - CVE-2026-27481
Discourse: Hidden tag visibility bypass on tag routes - CVE-2026-33415
Discourse: Improper Access Control in discourse-ai Allows Un - CVE-2026-33300
Discourse: Hidden group names and access metadata are expose - CVE-2026-33185
Discourse: Group SMTP test endpoint susceptible to SSRF
Same vendor: discourse
- CVE-2026-34947
Discourse: Staged user custom fields are exposed on public i - CVE-2026-27481
Discourse: Hidden tag visibility bypass on tag routes - CVE-2026-33415
Discourse: Improper Access Control in discourse-ai Allows Un - CVE-2026-33300
Discourse: Hidden group names and access metadata are expose - CVE-2026-33185
Discourse: Group SMTP test endpoint susceptible to SSRF
Same weakness: CWE-862
- CVE-2021-47932
WordPress TheCartPress 1.5.3.6 Privilege Escalation Unauthen - CVE-2025-15634
HCL BigFix WebUI is affected by a missing authorization vuln - CVE-2026-42297
Argo Workflows Is Missing Authorization in Sync ConfigMap Pr - CVE-2026-42174
Kirby: User avatar creation, replacement and deletion are no - CVE-2026-42137
Kirby: `pages.access/list` and `files.access/list` permissio
V. Comments for CVE-2026-27454
No comments yet