Medium severity5.3NVD Advisory· Published May 19, 2026· Updated Jun 2, 2026
CVE-2026-34154
CVE-2026-34154
Description
Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, a vulnerability in the discourse-subscriptions plugin allows users to gain access to subscription-gated groups without completing payment. This issue has been fixed in versions 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6<2026.1.4+ 3 more
- (no CPE)range: <2026.1.4
- cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*range: >=2026.1.0,<2026.1.4
- cpe:2.3:a:discourse:discourse:2026.5.0:*:*:*:latest:*:*:*
- (no CPE)range: <2026.1.4, <2026.3.1, <2026.4.1, <2026.5.0-latest.1
- Range: <2026.1.4, <2026.3.1, <2026.4.1, <2026.5.0-latest.1
Patches
Vulnerability mechanics
References
1- github.com/discourse/discourse/security/advisories/GHSA-pjgj-7mjq-6j7gnvdMitigationVendor Advisory
News mentions
0No linked articles in our index yet.