CVE-2026-44779
Undergoing Analysis
Undergoing Analysis - In Progress
Information Disclosure in Discourse Bot Debug Endpoints
Vulnerability report for CVE-2026-44779, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-06-12
Last updated on: 2026-06-15
Assigner: GitHub, Inc.
Description
Description
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, bot debug endpoints disclose whisper translation audit logs. This issue has been patched in versions 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| discourse | discourse | From 2026.1.0 (inc) to 2026.1.4 (exc) |
| discourse | discourse | From 2026.3.0 (inc) to 2026.3.1 (exc) |
| discourse | discourse | From 2026.4.0 (inc) to 2026.4.1 (exc) |
| discourse | discourse | 2026.1.4 |
| discourse | discourse | 2026.3.1 |
| discourse | discourse | 2026.4.1 |
| discourse | discourse | 2026.5.0-latest.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |