Medium severity4.3NVD Advisory· Published Jan 22, 2026· Updated Apr 15, 2026
CVE-2026-24332
CVE-2026-24332
Description
Discord through 2026-01-16 allows gathering information about whether a user's client state is Invisible (and not actually offline) because the response to a WebSocket API request includes the user in the presences array (with "status": "offline"), whereas offline users are omitted from the presences array. This is arguably inconsistent with the UI description of Invisible as "You will appear offline."
Affected products
1Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.