CVE-2026-32113 — Discourse is an open-source discussion platform. From versions 2026.1.0-latest…

/HIGH
CVE Notify vulnerabilitycveidentity
CVE-2026-32113 — Discourse is an open-source discussion platform. From versions 2026.1.0-latest…

Image via opengraph.githubassets.com

🚨 CVE-2026-32113 Discourse is an open-source discussion platform. While this cookie is normally set during legitimate DiscourseConnect Provider flows with cryptographically validated SSO payloads, cookies are client-controlled and can be set by attackers. This issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0.

https://github.com/discourse/discourse/commit/080408b93d00305b51d71f63f755f43fa601884d

What This Means For You

  • New vulnerability disclosed — verify if your stack is exposed.

Indicators of Compromise

IDTypeIndicator
CVE-2026-32113 Auth Bypass Discourse versions prior to 2026.1.3, 2026.2.2, and 2026.3.0 are vulnerable to authentication bypass via manipulation of DiscourseConnect SSO cookies.
Source & Attribution
Source PlatformTelegram
ChannelCVE Notify
Channel ID1129491012
Message ID157865
PublishedApril 03, 2026 at 15:56 UTC
Original Linkhttps://github.com/discourse/discourse/commit/080408b93d0...

This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.

Believe this infringes your rights? Submit a takedown request.

Found this interesting? Follow us on LinkedIn to stay ahead.

Follow Shimi Cohen Follow Shimi's Cyber World
Share
LinkedIn WhatsApp Reddit