Improper access control in Discourse - #VU136597
Published: July 1, 2026
Discourse
Detailed vulnerability description
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to improper access control in post revision diffs when viewing visible diffs on adjacent revisions. A remote attacker can access adjacent visible diffs to disclose sensitive information.
Hidden post revisions intended to be unavailable to regular users may be exposed through revision comparisons.