CVE-2026-32114
IDOR Vulnerability in Discourse AI Plugin Exposes Metadata

Publication date: 2026-03-20

Last updated on: 2026-03-24

Assigner: GitHub, Inc.

Description
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their identifiers. This information includes credit allocations and usage statistics, which are not intended to be public. The attack is performed over the network, requires low privileges (any logged-in user), and results in a low impact on confidentiality with no impact on integrity or availability. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. To work around this issue, disable the AI plugin or upgrade to a patched version.
Meta Information
Generated: 2026-05-07
AI Q&A: 2026-03-20
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor      Product     Version / Range
discourse   discourse   From 2026.1.0 (inc) to 2026.1.2 (exc)
discourse   discourse   From 2026.2.0 (inc) to 2026.2.1 (exc)
discourse   discourse   2026.3.0
CWE ID    Description
CWE-639   The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-32114 is an Insecure Direct Object Reference (IDOR) vulnerability in the Discourse open-source discussion platform. It allows any authenticated user with low privileges to access restricted metadata about AI personas, features, and large language models (LLMs) by providing their identifiers.

This metadata includes sensitive information such as credit allocations and usage statistics that are not intended to be publicly accessible. The attack can be performed remotely over the network without requiring additional user interaction or higher privileges beyond being logged in.

The root cause is a missing authorization check (CWE-639): the affected endpoints look up AI persona, feature and LLM records by the identifier supplied in the request, but do not verify that the requesting user is allowed to read those records. Being logged in is the only gate, so any member can substitute identifiers and read metadata that should be restricted.
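The following is an added, generic illustration of the CWE-639 pattern described above, not Discourse's own code: a Rails-style "show" action that trusts the caller-supplied identifier, beside a hardened version that authorizes before returning sensitive fields. The record names, fields, and the admin-only policy are assumptions chosen to mirror the advisory.

```ruby
# Added illustration of CWE-639 (IDOR). This is NOT Discourse's code; the
# persona records, their fields and the "only admins see credit data" policy
# are assumptions used to mirror the advisory's description.

# Constructed sample data: AI persona records with non-public usage metadata.
PERSONAS = {
  1 => { name: "Forum helper", credits_allocated: 10_000, credits_used: 4_210 },
  2 => { name: "Moderator bot", credits_allocated: 50_000, credits_used: 47_990 }
}.freeze

# Fields that are assumed safe for any logged-in user to see.
PUBLIC_FIELDS = %i[name].freeze

User = Struct.new(:id, :admin) do
  def admin?
    admin
  end
end

class NotFound < StandardError; end
class Forbidden < StandardError; end

# Vulnerable pattern: the only gate is "logged in". The identifier from the
# request is used directly as the lookup key, so any member can read any
# persona's credit allocation and usage counters by changing the id.
def show_persona_vulnerable(current_user, id)
  raise Forbidden, "login required" if current_user.nil?
  record = PERSONAS[id] or raise NotFound, "no persona #{id}"
  record
end

# Hardened pattern: authorize before using the identifier. Admins get the full
# record; everyone else gets only the public subset. If non-admins should see
# nothing at all, raise Forbidden *before* the lookup so the endpoint does not
# become an oracle for which identifiers exist.
def show_persona_hardened(current_user, id)
  raise Forbidden, "login required" if current_user.nil?
  record = PERSONAS[id] or raise NotFound, "no persona #{id}"
  return record if current_user.admin?
  record.slice(*PUBLIC_FIELDS)
end

if __FILE__ == $PROGRAM_NAME
  member = User.new(2, false)
  p show_persona_vulnerable(member, 2) # leaks credit data to a plain member
  p show_persona_hardened(member, 2)   # only the public subset
end
```

The difference is a single authorization decision placed before the sensitive data is returned; the identifier itself can stay sequential, since the fix is access control, not obscurity.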


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Exploitation looks like ordinary authenticated traffic: a logged-in user requesting AI plugin metadata endpoints with an identifier in the request. There is no malformed payload to match on, so detection relies on application or web server logs and on behaviour, chiefly one non-staff account reading many distinct AI persona, feature or LLM identifiers in a short window (an enumeration sweep), or any such reads by accounts that have no business reason to see that data.

Specific commands are not provided in the available resources, but general approaches include:

  • Use web server log analysis tools (e.g., grep, awk) to search for requests to AI plugin endpoints that carry a persona, feature or LLM identifier, and group the hits by user.
  • Flag non-admin accounts with unusually many distinct identifiers or successful (2xx) responses on those endpoints; after patching, the same requests from non-admins should be rejected, so successful reads before the upgrade are the signal.
  • Inspect API traffic for the same pattern where you terminate TLS (a reverse proxy or WAF); on the wire the traffic is encrypted, so log-based review is usually the more practical route.
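As an added example of the log-based approach above (not a script from the advisory or from Discourse), the following flags accounts that read many distinct AI plugin object identifiers within a short window. The log line format, the route shapes matched by AI_PATHS, the window, and the threshold are all assumptions; adjust them to the routes and log format of your own instance.

```ruby
# Added example: spot IDOR-style enumeration of AI plugin objects in logs.
# Not from the advisory or from Discourse. Log format, route patterns, window
# and threshold are assumptions to be adapted to your deployment.
require "time"

# Assumed route shapes: an AI plugin resource followed by a numeric identifier.
AI_PATHS = %r{/discourse-ai/(ai-personas|ai-llms|ai-features)/(\d+)\b}

# Assumed log line format: "<iso timestamp> <user> <method> <path> <status>".
LINE = /\A(\S+) (\S+) (\S+) (\S+) (\d{3})\z/

# Constructed sample lines: bob sweeps six objects in a few seconds, alice reads
# two objects five minutes apart, carol never touches the plugin.
SAMPLE_LOG = <<~LOG
  2026-03-21T10:00:01Z alice GET /admin/plugins/discourse-ai/ai-personas/3 200
  2026-03-21T10:00:02Z carol GET /t/some-topic/42 200
  2026-03-21T10:00:05Z bob GET /admin/plugins/discourse-ai/ai-personas/1 200
  2026-03-21T10:00:06Z bob GET /admin/plugins/discourse-ai/ai-personas/2 200
  2026-03-21T10:00:06Z bob GET /admin/plugins/discourse-ai/ai-personas/3 200
  2026-03-21T10:00:07Z bob GET /admin/plugins/discourse-ai/ai-llms/1 200
  2026-03-21T10:00:08Z bob GET /admin/plugins/discourse-ai/ai-llms/2 200
  2026-03-21T10:00:09Z bob GET /admin/plugins/discourse-ai/ai-llms/3 200
  2026-03-21T10:00:09Z bob GET /admin/plugins/discourse-ai/ai-llms/3 200
  2026-03-21T10:00:10Z bob GET /admin/plugins/discourse-ai/ai-llms/4 403
  2026-03-21T10:05:00Z alice GET /admin/plugins/discourse-ai/ai-llms/1 200
LOG

Event = Struct.new(:time, :user, :ident)

# Keep only successful (2xx) reads of AI plugin objects; a 403 means the
# authorization check held and is not evidence of a leak.
def parse_ai_requests(log_text)
  log_text.each_line.filter_map do |line|
    m = LINE.match(line.strip) or next
    ts, user, _method, path, status = m.captures
    next unless status.start_with?("2")
    route = AI_PATHS.match(path) or next
    Event.new(Time.iso8601(ts), user, "#{route[1]}/#{route[2]}")
  end
end

# For each user, the largest number of distinct identifiers read within any
# window_seconds span. Staff accounts manage these objects legitimately, so
# pass them in ignore_users to avoid flagging routine admin browsing.
def enumeration_suspects(events, window_seconds: 60, threshold: 5, ignore_users: [])
  events.reject { |e| ignore_users.include?(e.user) }
        .group_by(&:user)
        .filter_map do |user, evs|
    evs = evs.sort_by(&:time)
    best = 0
    evs.each_index do |i|
      window = evs[i..].take_while { |e| e.time - evs[i].time <= window_seconds }
      best = [best, window.map(&:ident).uniq.size].max
    end
    [user, best] if best >= threshold
  end.to_h
end

if __FILE__ == $PROGRAM_NAME
  p enumeration_suspects(parse_ai_requests(SAMPLE_LOG))
end
```

Tune the window and threshold to your forum's traffic, and feed the real access log instead of SAMPLE_LOG; the only format assumption is that each line yields a timestamp, a user, a path and a status.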

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include either upgrading Discourse to a patched version or disabling the AI plugin.

  • Upgrade Discourse to one of the patched versions: 2026.3.0-latest.1, 2026.2.1, or 2026.1.2, and confirm the running version afterwards.
  • If upgrading is not immediately possible, disable the AI plugin to prevent exploitation of the vulnerability; note that this removes AI features for all users until the upgrade is done.

How can this vulnerability impact me?

This vulnerability impacts the confidentiality of sensitive metadata related to AI personas and LLM features by allowing unauthorized access to information such as credit allocations and usage statistics.

However, it has a low impact on confidentiality and does not affect data integrity or system availability.

An attacker only needs to be an authenticated user with low privileges, and the attack can be executed remotely without user interaction.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know

