Discourse AI explain permission bypass before v2026.4.1
CVE-2026-44785 Published on June 12, 2026
Discourse: Hidden reply-to post raw can be disclosed through AI explain prompts
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, the AI "explain" helper only checks can_see? on the post being explained, not its reply_to_post, so any authenticated user with access to the AI helper could read the raw contents of a hidden parent post by invoking "Explain" on a reply to it. This issue has been patched in versions 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1.
Vulnerability Analysis
CVE-2026-44785 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Type
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2026-44785 has been classified to as an Information Disclosure vulnerability or weakness.
Products Associated with CVE-2026-44785
Want to know whenever a new CVE is published for Discourse? stack.watch will email you.
Affected Versions
discourse:- Version >= 2026.1.0-latest, < 2026.1.4 is affected.
- Version >= 2026.3.0-latest, < 2026.3.1 is affected.
- Version >= 2026.4.0-latest, < 2026.4.1 is affected.