{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T19:22:15.637","vulnerabilities":[{"cve":{"id":"CVE-2026-21865","sourceIdentifier":"security-advisories@github.com","published":"2026-01-28T20:16:14.530","lastModified":"2026-01-30T20:30:18.947","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, moderators can convert some personal messages to public topics when they shouldn't have access. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. As a workaround, site admin can temporarily revoke the moderation role from untrusted moderators or remove the moderator group from the \"personal message enabled groups\" site setting until the Discourse instance has been upgraded to a version that has been patched."},{"lang":"es","value":"Discourse es una plataforma de discusión de código abierto. En versiones anteriores a 3.5.4, 2025.11.2, 2025.12.1 y 2026.1.0, los moderadores pueden convertir algunos mensajes personales en temas públicos cuando no deberían tener acceso. Este problema está parcheado en las versiones 3.5.4, 2025.11.2, 2025.12.1 y 2026.1.0. Como solución alternativa, el administrador del sitio puede revocar temporalmente el rol de moderación a los moderadores no confiables o eliminar el grupo de moderadores de la configuración del sitio 'grupos con mensajes personales habilitados' hasta que la instancia de Discourse haya sido actualizada a una versión que haya sido parcheada."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*","versionEndExcluding":"3.5.4","matchCriteriaId":"FDBF21E2-1191-4020-A17A-0702DE4E6451"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*","versionStartIncluding":"2025.11.0","versionEndExcluding":"2025.11.2","matchCriteriaId":"539B5B85-44F0-408E-B994-08BB20EA9C26"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2025.12.0:*:*:*:stable:*:*:*","matchCriteriaId":"CCBF47A8-0D3F-4174-8084-CD3517BF272A"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2026.1.0:*:*:*:stable:*:*:*","matchCriteriaId":"F6CF5F98-F08F-4B28-BBE2-8296760A547E"}]}]}],"references":[{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-4777-wrv5-3g39","source":"security-advisories@github.com","tags":["Third Party Advisory"]}]}}]}