CVE-2026-33185 | Discourse up to 2026.1.2/2026.2.1 Endpoint server-side request forgery

Inserito da Angelo Barbosa | Mar 31, 2026 | CVE

A vulnerability, which was classified as critical, has been found in Discourse up to 2026.1.2/2026.2.1. The affected element is an unknown function of the component Endpoint. This manipulation causes server-side request forgery.

This vulnerability is handled as CVE-2026-33185. The attack can be initiated remotely. There is not any exploit available.

It is advisable to upgrade the affected component.

CVE-2026-33185 | Discourse up to 2026.1.2/2026.2.1 Endpoint server-side request forgery

Post correlati

CVE-2024-38972 | Netbox 4.0.3 /dcim/power-ports/add/ Name cross site scripting

CVE-2024-40724 | Open Asset Import Library Assimp up to 5.4.1 File heap-based overflow

CVE-2024-37063 | YdataAI ydata-profiling up to 3.7.0 Report cross site scripting

CVE-2024-13531 | enituretechnology ShipEngine Shipping Quotes Plugin up to 1.0.7 on WordPress edit_id sql injection