CVE-2026-44779
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk12th percentile - higher than 12% of all known CVEs
Summary
Discourse is an open-source discussion platform that, in versions from 2026.1.0 to before 2026.1.4, from 2026.3.0 to before 2026.3.1, and from 2026.4.0 to before 2026.4.1, discloses whisper translation audit logs through bot debug endpoints. This issue has been patched in versions 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1.
Risk Assessment
The disclosure of audit logs may lead to the leakage of sensitive information, posing risks to user privacy and platform security.
Recommendation
It is recommended to update Discourse to versions 2026.1.4, 2026.3.1, 2026.4.1, or 2026.5.0-latest.1 to mitigate this vulnerability.
Original NVD description (English source)
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, bot debug endpoints disclose whisper translation audit logs. This issue has been patched in versions 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1.

