Discourse is an open-source discussion platform
Outdated AI summaries in Discourse can expose previously removed content to anonymous or unprivileged users who cannot regenerate summaries. This information leak occurs because the cached summaries do not always update after content deletion. The vulnerability affects specific versions prior to the latest patches.
Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in versions 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1. To work around this issue, restrict summary generation by tightening the allowed groups on the summarization Personas.
Anonymous and unprivileged users of affected Discourse versions are at risk of viewing sensitive or removed content due to outdated AI summaries, posing a medium risk of information disclosure.
Monitor & Review
Low severity — keep this CVE on your radar and patch during routine maintenance.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N