Unrated severity · NVD Advisory · Published Mar 20, 2026 · Updated Mar 24, 2026
Discourse's solved topic stream has potential stored XSS in topic title
CVE-2026-33411
Description
Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a potential stored XSS in topic titles for the solved posts stream. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. As a workaround, ensure that the Content Security Policy is enabled, and has not been modified in a way which would make it more vulnerable to XSS attacks.
Affected products
- (no CPE) range: <2026.3.0-latest.1, <2026.2.1, <2026.1.2
- (no CPE) range: >= 2026.1.0-latest, < 2026.1.2
References
- github.com/discourse/discourse/security/advisories/GHSA-j3mm-ghh2-83x2 (mitre, x_refsource_CONFIRM)