Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, some subscription endpoints lack proper checking for ownership before making changes. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. No known workarounds are available.
History
Wed, 28 Jan 2026 19:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, some subscription endpoints lack proper checking for ownership before making changes. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. No known workarounds are available. | |
| Title | Discourse subscriptions are susceptible to takeover | |
| Weaknesses | CWE-862 | |
| References | | |
| Metrics | cvssV3_1 | |
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-01-28T19:28:16.731Z
Reserved: 2025-12-18T18:29:07.309Z
Link: CVE-2025-68479
Status : Received
Published: 2026-01-28T19:16:23.380
Modified: 2026-01-28T19:16:23.380
Link: CVE-2025-68479