CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-29072

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users who do not belong to the allowed policy creation groups can create functional policy acceptance widgets in posts under the right conditions. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. As a workaround, disable the discourse-policy plugin by disabling the `policy_enabled` site setting.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 1.9%

CVSS Severity

References

https://github.com/discourse/discourse/security/advisories/GHSA-7ph8-vprq-4jrp

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-29072

Products

Pricing

Contact Us