CVE-2026-44779

Description

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, bot debug endpoints disclose whisper translation audit logs. This issue has been patched in versions 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Affected products

discourse / discourse>= 2026.1.0-latest, < 2026.1.4 – >= 2026.1.0-latest, < 2026.1.4
discourse / discourse>= 2026.3.0-latest, < 2026.3.1 – >= 2026.3.0-latest, < 2026.3.1
discourse / discourse>= 2026.4.0-latest, < 2026.4.1 – >= 2026.4.0-latest, < 2026.4.1

References

VENDOR_ADVISORYhttps://github.com/discourse/discourse/security/advisories/GHSA-x6mr-wjq6-495j