Open redirect in Discourse - CVE-2026-32113
Published: July 1, 2026
Discourse
Detailed vulnerability description
The vulnerability allows a remote attacker to redirect users to an arbitrary external site.
The vulnerability exists due to improper input validation in the enter action of StaticController when processing the sso_destination_url cookie during authentication via the /login endpoint. A remote attacker can set a crafted cookie value to redirect users to an arbitrary external site.
Only sites with DiscourseConnect Provider enabled are vulnerable, and exploitation requires the ability to set cookies in the victim's browser.
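The pattern described above, as an illustrative example added here (not Discourse's own code or fix): a cookie-supplied destination used unchanged, beside a hardened version that only honours same-origin targets. The site origin, function names and sample values are assumed.

```ruby
require "uri"

# Constructed value (assumption): the forum's own origin.
SITE_ORIGIN = "https://forum.example.com"

# Vulnerable pattern: the cookie value becomes the redirect target as-is,
# so whoever can set the cookie chooses where the user ends up.
def unsafe_destination(cookie_value)
  cookie_value || "/"
end

# Hardened pattern: only a single-slash relative path or an absolute URL on
# the site's own scheme/host/port is honoured; anything else falls back to "/".
def safe_destination(cookie_value, site_origin: SITE_ORIGIN)
  return "/" if cookie_value.nil? || cookie_value.strip.empty?
  value = cookie_value.strip
  begin
    uri = URI.parse(value)
  rescue URI::InvalidURIError
    return "/" # malformed (e.g. contains a backslash) is never followed
  end
  site = URI.parse(site_origin)
  if uri.scheme.nil? && uri.host.nil?
    # Relative reference: "//host" and "/\host" are protocol-relative in
    # browsers, so require exactly one leading slash.
    return "/" unless value.start_with?("/") && !value.start_with?("//", "/\\")
    return value
  end
  # Absolute URL (or scheme-only like javascript:): scheme, host and port
  # must match the site exactly; userinfo tricks change the parsed host.
  unless uri.scheme == site.scheme && uri.host == site.host && uri.port == site.port
    return "/"
  end
  path = uri.path.empty? ? "/" : uri.path
  path += "?#{uri.query}" if uri.query
  path
end
```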