CVE-2026-28218 | Discourse up to 2025.12.1/2026.1.0 Data Explorer Plugin access control (GHSA-jxrc-72mr-mfh5)

Inserito da Angelo Barbosa | Feb 27, 2026 | CVE

A vulnerability marked as critical has been reported in Discourse up to 2025.12.1/2026.1.0. The impacted element is an unknown function of the component Data Explorer Plugin. Performing a manipulation results in improper access controls.

This vulnerability is known as CVE-2026-28218. Remote exploitation of the attack is possible. No exploit is available.

It is suggested to upgrade the affected component.

CVE-2026-28218 | Discourse up to 2025.12.1/2026.1.0 Data Explorer Plugin access control (GHSA-jxrc-72mr-mfh5)

Post correlati

CVE-2024-33698 | Siemens SIMATIC Information Server 2022 UMC heap-based overflow (ssa-039007)

CVE-2025-4291 | IdeaCMS up to 1.6 saveUpload unrestricted upload (IC32SB)

CVE-2024-54763 | ipTIME A2004 12.17.0 /login/hostinfo.cgi information disclosure

CVE-2025-67893 | pkp pkp-lib up to 3.4.0-9/3.5.0-1 compileLess addLessVariables code injection