Unrated severityNVD Advisory· Published Feb 26, 2026· Updated Feb 26, 2026
Discourse: TL4 users are able to change status of restricted topics
CVE-2026-26979
Description
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, TL4 users are able to close, archive and pin topics in private categories they don't have access to. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3prior to 2025.12.2, 2026.1.1, 2026.2.0+ 1 more
- (no CPE)range: prior to 2025.12.2, 2026.1.1, 2026.2.0
- (no CPE)range: < 2025.12.2
Patches
Vulnerability mechanics
References
1- github.com/discourse/discourse/security/advisories/GHSA-9c7p-fqc5-c24fmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.