Improper access control in Discourse - CVE-2026-32244
Published: July 1, 2026
Discourse
Detailed vulnerability description
The vulnerability allows a remote attacker to disclose removed content.
The vulnerability exists due to improper access control in cached AI summaries when serving previously generated summaries. A remote attacker can access outdated summaries to disclose removed content.
The issue affects anonymous and unprivileged users who cannot regenerate summaries.