VYPR
Medium severity5.3NVD Advisory· Published May 19, 2026· Updated Jun 1, 2026

CVE-2026-32244

CVE-2026-32244

Description

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in versions 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1. To work around this issue, restrict summary generation by tightening the allowed groups on the summarization Personas.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • cpe:2.3:a:discourse:discourse:2026.5.0:*:*:*:latest:*:*:*+ 2 more
    • cpe:2.3:a:discourse:discourse:2026.5.0:*:*:*:latest:*:*:*
    • cpe:2.3:a:discourse:discourse:*:*:*:*:latest:*:*:*range: >=2026.1.0,<2026.1.4
    • (no CPE)range: <2026.5.0-latest.1 affected; fixed in 2026.1.4, 2026.3.1, 2026.4.1, 2026.5.0-latest.1
  • osv-coords
    Range: < 2026.1.4

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.