Improper access control in Discourse - CVE-2026-44779
Published: July 1, 2026
Discourse
Detailed vulnerability description
The vulnerability allows a remote user to disclose sensitive information.
The vulnerability exists due to improper access control in AI debug audit logs when handling access to bot debug endpoints. A remote user can access whisper translation audit logs to disclose sensitive information.
By default, no users have access to the AI debug audit logs.