
CVE-2026-44785: Discourse Information Disclosure Flaw

CVE-2026-44785 is an information disclosure vulnerability in Discourse that allows authenticated users to read hidden parent posts via the AI helper. This article covers technical details, affected versions, and patches.


CVE-2026-44785 Overview

CVE-2026-44785 is an information disclosure vulnerability in Discourse, an open-source discussion platform. The flaw resides in the AI explain helper, which fails to verify access permissions on parent posts when explaining a reply. Authenticated users with access to the AI helper can invoke Explain on a reply to read the raw contents of a hidden parent post. The vulnerability is classified under [CWE-200] (Exposure of Sensitive Information to an Unauthorized Actor). Affected releases include Discourse versions 2026.1.0 through 2026.1.4, 2026.3.0 through 2026.3.1, and 2026.4.0 through 2026.4.1.

Critical Impact

Authenticated attackers can read hidden parent post content by triggering the AI explain helper on a visible reply, bypassing intended access controls.

Affected Products

  • Discourse 2026.1.0-latest and later releases earlier than 2026.1.4
  • Discourse 2026.3.0-latest and later releases earlier than 2026.3.1
  • Discourse 2026.4.0-latest and later releases earlier than 2026.4.1

Discovery Timeline

  • 2026-06-12 - CVE-2026-44785 published to NVD
  • 2026-06-17 - Last updated in NVD database

Technical Details for CVE-2026-44785

Vulnerability Analysis

The vulnerability stems from an incomplete authorization check in the Discourse AI explain helper feature. When a user invokes the Explain action on a post that is a reply, the helper retrieves contextual information from the parent post referenced by reply_to_post. The authorization logic only invokes the can_see? permission check against the post being explained, not against its parent post.

This design oversight allows authenticated users with AI helper access to extract content from posts they are not authorized to view. The helper returns raw parent post contents to the requesting user as part of the AI response context. Hidden, deleted, or permission-restricted parent posts become readable through this side channel.

Root Cause

The root cause is a broken access control flaw [CWE-200] where the permission boundary is enforced on only one object in a related pair. The can_see? method validates visibility of the target post but never traverses the reply_to_post association to verify the requesting user holds equivalent rights on the parent. The AI helper treats parent post content as freely passable context once the immediate post passes authorization.
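The one-object check described above, as an added illustration that is not Discourse's own code: SimpleGuardian, the Post struct and the two explain_context functions are simplified stand-ins for Guardian#can_see? and the helper's context building, shown in their vulnerable and hardened shapes.

```ruby
# Added illustration, not Discourse's code: a minimal model of the explain
# helper's context building, with the missing parent check and its fix.
Post = Struct.new(:id, :raw, :hidden, :reply_to_post, keyword_init: true)

# Stand-in for Discourse's Guardian#can_see? (simplified assumption):
# staff see every post, everyone else only posts that are not hidden.
class SimpleGuardian
  def initialize(staff: false)
    @staff = staff
  end

  def can_see?(post)
    !post.nil? && (@staff || !post.hidden)
  end
end

# Vulnerable shape: only the explained post is authorized; the parent's
# raw text is appended as context without a check of its own.
def explain_context_vulnerable(guardian, post)
  return nil unless guardian.can_see?(post)
  ctx = { post: post.raw }
  ctx[:parent] = post.reply_to_post.raw if post.reply_to_post
  ctx
end

# Hardened shape: the parent is included only when the requesting user can
# see it too; otherwise the explanation proceeds without parent context.
def explain_context_fixed(guardian, post)
  return nil unless guardian.can_see?(post)
  ctx = { post: post.raw }
  parent = post.reply_to_post
  ctx[:parent] = parent.raw if parent && guardian.can_see?(parent)
  ctx
end

# Constructed sample data: a hidden parent post with a visible reply.
HIDDEN_PARENT = Post.new(id: 1, raw: "confidential parent text", hidden: true)
VISIBLE_REPLY = Post.new(id: 2, raw: "I agree with the above", hidden: false,
                         reply_to_post: HIDDEN_PARENT)

if __FILE__ == $PROGRAM_NAME
  user = SimpleGuardian.new(staff: false)
  p explain_context_vulnerable(user, VISIBLE_REPLY) # parent text leaks
  p explain_context_fixed(user, VISIBLE_REPLY)      # parent omitted
end
```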

Attack Vector

Exploitation requires an authenticated account with permission to use the AI explain helper. An attacker identifies a visible reply whose parent post is restricted, hidden, or in a private category. The attacker invokes the AI explain helper on the visible reply, and the helper returns parent post contents within the explanation response. No special tooling is required as the attack uses normal application functionality through the web interface or API.

No verified public exploit code is available. See the GitHub Security Advisory GHSA-7h76-fwxc-j586 for additional technical details.

Detection Methods for CVE-2026-44785

Indicators of Compromise

  • Unusual volume of AI explain helper invocations from individual user accounts targeting reply posts.
  • AI helper requests referencing posts whose reply_to_post IDs map to restricted categories or hidden topics.
  • Application logs showing AI explain responses returned for posts with mismatched parent post visibility.

Detection Strategies

  • Review Discourse application logs for AI helper endpoint requests and correlate post IDs against category visibility settings.
  • Audit user accounts with AI helper access and inspect their explain helper usage patterns over recent weeks.
  • Compare AI helper response payload sizes against baseline averages to flag responses that include unexpected parent context.
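The first detection strategy above (correlating helper requests with parent post category visibility), as an added example that is not Discourse's own tooling: the JSON log format, the /discourse-ai/ai-helper/explain path, and the post and category tables are constructed assumptions standing in for the real application logs and database.

```ruby
# Added detection sketch, not Discourse's own code: the log format, the
# endpoint path and the post/category tables below are constructed for
# illustration. It flags explain requests whose target is a reply to a
# post in a category the requesting user's groups cannot read.
require "json"

# Constructed stand-ins for the posts table and category read permissions.
POSTS = {
  101 => { category: "staff-only", reply_to_post: nil },
  102 => { category: "general",    reply_to_post: 101 },
  103 => { category: "general",    reply_to_post: nil },
  104 => { category: "general",    reply_to_post: 103 },
}.freeze
CATEGORY_READERS = {
  "general"    => %w[everyone],
  "staff-only" => %w[staff admins],
}.freeze

def readable?(category, user_groups)
  allowed = CATEGORY_READERS.fetch(category, [])
  allowed.include?("everyone") || !(allowed & user_groups).empty?
end

# Constructed log lines, one JSON object per request (assumed format).
SAMPLE_LOGS = <<~LOG
  {"ts":"2026-06-13T10:01:02Z","user":"alice","groups":["trust_level_1"],"path":"/discourse-ai/ai-helper/explain","post_id":102}
  {"ts":"2026-06-13T10:01:09Z","user":"alice","groups":["trust_level_1"],"path":"/discourse-ai/ai-helper/explain","post_id":104}
  {"ts":"2026-06-13T10:02:30Z","user":"bob","groups":["staff"],"path":"/discourse-ai/ai-helper/explain","post_id":102}
  {"ts":"2026-06-13T10:03:00Z","user":"alice","groups":["trust_level_1"],"path":"/posts/102","post_id":102}
LOG

# Returns one hash per explain request where the parent post's category is
# not readable by the requester; these are the rows worth a closer look.
def suspicious_explain_requests(log_text)
  log_text.each_line.filter_map do |line|
    e = JSON.parse(line)
    next unless e["path"].end_with?("/ai-helper/explain")
    post = POSTS[e["post_id"]]
    next unless post && post[:reply_to_post]
    parent = POSTS[post[:reply_to_post]]
    next if readable?(parent[:category], e["groups"])
    { ts: e["ts"], user: e["user"], post_id: e["post_id"],
      parent_id: post[:reply_to_post], parent_category: parent[:category] }
  end
end

if __FILE__ == $PROGRAM_NAME
  suspicious_explain_requests(SAMPLE_LOGS).each { |hit| puts hit.inspect }
end
```

Only the request that explains a visible reply to a staff-only parent from a non-staff account is reported; the staff request and the plain post fetch are not.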

Monitoring Recommendations

  • Enable verbose logging on the AI explain helper endpoint and forward logs to a centralized SIEM for correlation.
  • Alert on repeated AI explain requests from the same user account targeting different reply posts in short time windows.
  • Track access to private or restricted categories and correlate with AI helper activity from non-privileged accounts.

How to Mitigate CVE-2026-44785

Immediate Actions Required

  • Upgrade Discourse to a patched version: 2026.1.4, 2026.3.1, 2026.4.1, or 2026.5.0-latest.1.
  • Audit AI helper access permissions and restrict the feature to trusted user groups until patching completes.
  • Review recent AI explain helper activity logs for evidence of unauthorized parent post access.

Patch Information

Discourse has released fixes in versions 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1. The patch extends the can_see? authorization check to cover the reply_to_post association before returning parent post contents through the AI helper. Apply the appropriate patch corresponding to your current release branch. See the Discourse Security Advisory for upgrade instructions.

Workarounds

  • Disable the AI explain helper feature in Discourse admin settings until patches are applied.
  • Restrict AI helper access to administrator accounts only via Discourse group permissions.
  • Move highly sensitive discussions to categories where AI helper features are explicitly disabled.

```bash
# Configuration example: disable the AI explain helper via Discourse admin
# Navigate to /admin/site_settings and search for 'ai_helper'
# Set the following:
ai_helper_enabled_features: ""  # An empty value leaves no feature enabled, so 'explain' is removed
ai_helper_allowed_groups: "admins"  # Restrict helper access to admins only
```

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
