CVE-2026-33514
Information Disclosure in Discourse Form Templates
Publication date: 2026-05-19
Last updated on: 2026-05-19
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| discourse | discourse | to 2026.1.4 (exc) |
| discourse | discourse | to 2026.3.1 (exc) |
| discourse | discourse | to 2026.4.1 (exc) |
| discourse | discourse | to 2026.5.0-latest.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Discourse allows an authenticated user to access the names and detailed structured content of form templates that belong to categories they are not authorized to view.
The issue arises because the endpoints handling form templates did not properly enforce category visibility restrictions, enabling unauthorized users to retrieve sensitive site configuration metadata.
The problem was fixed by scoping form template queries to only include templates from categories accessible to the user, ensuring unauthorized templates are not disclosed.
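The following is an added illustrative example, not Discourse's own code: a minimal in-memory model of the missing-authorization pattern (CWE-862) described above, with the unscoped lookup beside the fixed one that restricts form-template queries to categories the requesting user can see. The class names, fields and the group-based visibility rule are assumptions made for illustration.

```ruby
# Added illustrative example (not Discourse's own code): a minimal in-memory
# model of the missing-authorization pattern and its fix, scoping
# form-template lookups to categories the requesting user may see.
# Class names, fields and the group model are assumptions for illustration.

Category = Struct.new(:id, :name, :permitted_group_ids) do
  # A category with no group restrictions is visible to everyone;
  # otherwise the user must belong to at least one permitted group.
  def visible_to?(user)
    permitted_group_ids.empty? || (permitted_group_ids & user.group_ids).any?
  end
end

FormTemplate = Struct.new(:id, :name, :template, :category_ids)
User = Struct.new(:username, :group_ids)

# Constructed sample data.
CATEGORIES = [
  Category.new(1, "general", []),        # public
  Category.new(2, "staff-only", [10]),   # restricted to group 10
].freeze

TEMPLATES = [
  FormTemplate.new(1, "bug-report", "- type: input\n  id: summary", [1]),
  FormTemplate.new(2, "internal-incident", "- type: textarea\n  id: details", [2]),
].freeze

# Vulnerable lookup: no authorization check at all. Any authenticated
# caller who supplies an id gets the template name and body back.
def find_template_unscoped(id)
  TEMPLATES.find { |t| t.id == id }
end

# Categories the user is allowed to see.
def visible_category_ids(user)
  CATEGORIES.select { |c| c.visible_to?(user) }.map(&:id)
end

# Fixed lookup: only templates attached to at least one visible category
# are eligible, so a template in a hidden category is treated as absent.
def find_template_scoped(user, id)
  allowed = visible_category_ids(user)
  TEMPLATES.find { |t| t.id == id && (t.category_ids & allowed).any? }
end

# Index endpoint equivalent: list only the names the user may see.
def list_templates_scoped(user)
  allowed = visible_category_ids(user)
  TEMPLATES.select { |t| (t.category_ids & allowed).any? }.map(&:name)
end

if __FILE__ == $0
  member = User.new("alice", [10])
  outsider = User.new("bob", [])
  puts "unscoped, outsider: #{find_template_unscoped(2).name}"          # leaks
  puts "scoped,   outsider: #{find_template_scoped(outsider, 2).inspect}" # nil
  puts "scoped,   member:   #{find_template_scoped(member, 2).name}"
  puts "index,    outsider: #{list_templates_scoped(outsider).inspect}"
end
```

The design point is that the scoped lookup returns nil for a hidden template rather than raising a distinct "forbidden" error, so the response to an unauthorized id is indistinguishable from a nonexistent one and the existence of restricted templates is not leaked either.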
How can this vulnerability impact me?
The impact of this vulnerability is limited to the disclosure of site configuration metadata through unauthorized access to form templates.
An attacker with valid authentication could gain insight into the structure and names of form templates intended for restricted categories, potentially revealing sensitive configuration details about the site.
However, this vulnerability does not allow modification or deletion of data, nor does it expose user personal data directly.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves unauthorized access to form templates via the `/form-templates` and `/form-templates/:id` endpoints in Discourse. Detection can focus on monitoring authenticated user requests to these endpoints to see if they are accessing form templates from categories they should not have access to.
You can detect potential exploitation by reviewing access logs for requests to `/form-templates` or `/form-templates/:id` endpoints made by users who do not have permissions for the categories associated with those templates.
Example commands to check logs (assuming a typical nginx access log in combined format, where `$1` is the client address, `$7` the request path and `$9` the status code):
- `grep "/form-templates" /var/log/nginx/access.log | less`
- `grep "/form-templates/" /var/log/nginx/access.log | awk '{print $1, $7, $9}' | sort | uniq -c`
Additionally, you can audit application logs or use Discourse's admin interface to review user activity related to form templates if such logging is enabled.
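As an added example (not part of the original page or of Discourse), the script below does in Ruby what the grep/awk pipeline above does, and a little more: it parses nginx combined-format access log lines, keeps only requests to `/form-templates` and `/form-templates/:id`, counts them per client, path and status, and flags clients that successfully fetched many distinct template ids. The log lines are constructed samples, and the enumeration threshold is an assumption, not a documented indicator.

```ruby
# Added example (not from the original page or from Discourse): parses nginx
# combined-format access log lines, aggregates form-template requests per
# client/path/status (what the grep|awk|sort|uniq -c pipeline yields), and
# flags clients that fetched many distinct template ids (assumed heuristic).
require "set"

# Constructed sample log lines in nginx "combined" format.
SAMPLE_LOG = <<~LOG
  203.0.113.5 - - [19/May/2026:10:00:01 +0000] "GET /form-templates HTTP/1.1" 200 512 "-" "Mozilla/5.0"
  203.0.113.5 - - [19/May/2026:10:00:02 +0000] "GET /form-templates/1 HTTP/1.1" 200 301 "-" "Mozilla/5.0"
  203.0.113.5 - - [19/May/2026:10:00:03 +0000] "GET /form-templates/2 HTTP/1.1" 200 298 "-" "Mozilla/5.0"
  203.0.113.5 - - [19/May/2026:10:00:04 +0000] "GET /form-templates/3 HTTP/1.1" 200 277 "-" "Mozilla/5.0"
  198.51.100.7 - - [19/May/2026:10:01:00 +0000] "GET /form-templates/1 HTTP/1.1" 200 301 "-" "curl/8.0"
  198.51.100.7 - - [19/May/2026:10:01:30 +0000] "GET /t/some-topic/42 HTTP/1.1" 200 9000 "-" "curl/8.0"
  192.0.2.9 - - [19/May/2026:10:02:00 +0000] "GET /form-templates/2 HTTP/1.1" 403 120 "-" "Mozilla/5.0"
LOG

# Fields of the combined format we need: client, time, method, path, status.
COMBINED_RE = /\A(?<ip>\S+) \S+ \S+ \[(?<time>[^\]]+)\] "(?<method>\S+) (?<path>\S+) [^"]*" (?<status>\d{3}) /

# Parse one log line into a hash, or nil if it does not match the format.
def parse_line(line)
  m = COMBINED_RE.match(line) or return nil
  { ip: m[:ip], time: m[:time], method: m[:method], path: m[:path], status: m[:status].to_i }
end

# Only the endpoints named in the advisory: /form-templates and /form-templates/:id
# (query strings are stripped so "?..." variants are not missed).
def form_template_request?(entry)
  path = entry[:path].split("?", 2).first
  path == "/form-templates" || path.match?(%r{\A/form-templates/[^/]+\z})
end

# Count requests per (ip, path, status), mirroring `awk | sort | uniq -c`.
def summarize(log_text)
  counts = Hash.new(0)
  log_text.each_line do |line|
    e = parse_line(line) or next
    next unless form_template_request?(e)
    counts[[e[:ip], e[:path], e[:status]]] += 1
  end
  counts
end

# Heuristic (assumed, not from the advisory): a client that successfully
# fetched at least `threshold` distinct template ids may be walking the id space.
def enumerating_clients(log_text, threshold: 3)
  ids_by_ip = Hash.new { |h, k| h[k] = Set.new }
  log_text.each_line do |line|
    e = parse_line(line) or next
    next unless e[:status] == 200
    id = e[:path].split("?", 2).first[%r{\A/form-templates/([^/]+)\z}, 1] or next
    ids_by_ip[e[:ip]] << id
  end
  ids_by_ip.select { |_, ids| ids.size >= threshold }.transform_values(&:size)
end

if __FILE__ == $0
  summarize(SAMPLE_LOG).sort.each do |(ip, path, st), n|
    puts format("%4d %-14s %-20s %d", n, ip, path, st)
  end
  puts "possible enumeration: #{enumerating_clients(SAMPLE_LOG).inspect}"
end
```

To run it against a real log, replace `SAMPLE_LOG` with `File.read("/var/log/nginx/access.log")`. Note that an access log cannot show which categories a user may see, so a hit here is a lead for correlating with Discourse's own user and category data, not proof of exploitation; a 403 to `/form-templates/:id` on a patched instance is the scoped check doing its job.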
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows an authenticated user to access the names and structured content of form templates intended for categories they are not authorized to access, resulting in disclosure of site configuration metadata.
However, the impact is limited to metadata disclosure and does not involve personal data or sensitive user information directly.
Therefore, while this could potentially raise concerns about unauthorized access to configuration data, there is no direct indication from the provided information that it leads to violations of compliance requirements such as GDPR or HIPAA, which primarily focus on personal and sensitive data protection.
Organizations should still consider the risk of metadata exposure in their overall security posture and ensure timely patching to maintain compliance with best practices.
What immediate steps should I take to mitigate this vulnerability?
The primary and recommended mitigation is to update Discourse to a fixed version where this vulnerability is patched.
- Upgrade Discourse to version 2026.1.4, 2026.3.1, 2026.4.1, or 2026.5.0-latest.1 or later.
If immediate upgrade is not possible, consider disabling the form templates feature temporarily to prevent unauthorized access to form templates.
Review and restrict user permissions carefully to limit authenticated users' access to only necessary categories.