AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2026-32618: Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to be

mediumvulnerability

security

Source: NVD/CVE DatabaseMarch 31, 2026CVE-2026-32618

Summary

Discourse, an open-source discussion platform (software that lets people have conversations online), had a security flaw in versions 2026.1.0 through 2026.3.0 that let unauthorized users figure out who was in private chat channels by using the user search feature. This flaw exposed sensitive information that should have been hidden from people without permission.

Solution / Mitigation

The issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0. Users should upgrade to one of these versions depending on which release series they are using.

Vulnerability Details

CVSS Score

4.3(medium)

EPSS (30-day exploit probability)

EPSS: 0.0%

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

network

Attack Complexity

low

Privileges Required

low

User Interaction

none

Disclosure Date

March 31, 2026

Classification

Attack SophisticationModerate

Taxonomy References

CWE (Weakness Type)

CWE-200

CAPEC (Attack Pattern)

CAPEC-116

Monthly digest — independent AI security research

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-32618

First tracked: March 31, 2026 at 08:07 PM

Classified by LLM (prompt v3) · confidence: 95%