CVE-2026-28227 | Discourse up to 2025.12.1/2026.1.0 publish_to_category authorization (GHSA-m49w-78mh-87jp)

Inserito da Angelo Barbosa | Feb 27, 2026 | CVE

A vulnerability was found in Discourse up to 2025.12.1/2026.1.0. It has been declared as problematic. Affected by this issue is the function publish_to_category. Such manipulation leads to incorrect authorization.

This vulnerability is traded as CVE-2026-28227. The attack may be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2026-28227 | Discourse up to 2025.12.1/2026.1.0 publish_to_category authorization (GHSA-m49w-78mh-87jp)

Post correlati

CVE-2024-35729 | Tickera Plugin up to 3.5.2.6 on WordPress authorization

CVE-2025-41094 | Global Planning Solutions BOLD Workplanner up to 2.5.24 authorization

CVE-2025-15202 | SohuTV CacheCloud up to 3.2.0 TaskController.java taskQueueList cross site scripting (Issue 374)

CVE-2023-5988 | Uyumsoft LioXERP up to 145 cross site scripting