Medium severity4.3NVD Advisory· Published May 19, 2026· Updated Jun 1, 2026
CVE-2026-33514
CVE-2026-33514
Description
Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, an authenticated user on a Discourse instance with the form templates feature enabled can read the name and structured content of form templates that are intended exclusively for categories they are not authorized to access. Impact is limited to disclosure of site configuration metadata. This issue has been fixed in versions 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5(expand)+ 3 more
- (no CPE)
- cpe:2.3:a:discourse:discourse:2026.5.0:*:*:*:latest:*:*:*
- cpe:2.3:a:discourse:discourse:*:*:*:*:latest:*:*:*range: >=2026.1.0,<2026.1.4
- (no CPE)range: <2026.1.4, <2026.3.1, <2026.4.1, <2026.5.0-latest.1
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.