Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, secure uploads could be exposed by pull_hotlinked_images when an attacker knew the secured upload URL and the secure_uploads site setting was enabled. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5.
Project Subscriptions
No data.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Thu, 09 Jul 2026 23:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Discourse
Discourse discourse |
|
| Vendors & Products |
Discourse
Discourse discourse |
Thu, 09 Jul 2026 22:15:00 +0000
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-09T21:59:27.495Z
Reserved: 2026-05-13T08:19:32.602Z
Link: CVE-2026-45788
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-09T23:30:16Z
Weaknesses