Vulnerability Details CVE-2026-33074
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, a user may be able to purchase a lower tier subscription but grant themselves the benefits that comes along with a higher tier subscription. This issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 17.0%
CVSS Severity
CVSS v3 Score 5.3
References