Medium severity4.3NVD Advisory· Published Jan 22, 2026· Updated Apr 15, 2026

CVE-2026-24332

Description

Discord through 2026-01-16 allows gathering information about whether a user's client state is Invisible (and not actually offline) because the response to a WebSocket API request includes the user in the presences array (with "status": "offline"), whereas offline users are omitted from the presences array. This is arguably inconsistent with the UI description of Invisible as "You will appear offline."

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

xmrcat.org/discord-invisibility-bypassnvd

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000