Medium severity5.3NVD Advisory· Published May 19, 2026· Updated Jun 1, 2026
CVE-2026-32244
CVE-2026-32244
Description
Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in versions 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1. To work around this issue, restrict summary generation by tightening the allowed groups on the summarization Personas.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:a:discourse:discourse:2026.5.0:*:*:*:latest:*:*:*+ 2 more
- cpe:2.3:a:discourse:discourse:2026.5.0:*:*:*:latest:*:*:*
- cpe:2.3:a:discourse:discourse:*:*:*:*:latest:*:*:*range: >=2026.1.0,<2026.1.4
- (no CPE)range: <2026.5.0-latest.1 affected; fixed in 2026.1.4, 2026.3.1, 2026.4.1, 2026.5.0-latest.1
Patches
Vulnerability mechanics
References
1- github.com/discourse/discourse/security/advisories/GHSA-hjmg-2mww-vfvxnvdMitigationVendor Advisory
News mentions
0No linked articles in our index yet.