PatchSiren

CVE-2026-44779 discourse CVE debrief

CVE-2026-44779 is a vulnerability in Discourse, an open-source discussion platform. Bot debug endpoints disclose whisper translation audit logs. This issue has been patched in versions 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1.

Vendor: discourse
Product: Unknown
CVSS: MEDIUM 4.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-12
Original CVE updated: 2026-06-12
Advisory published: 2026-06-12
Advisory updated: 2026-06-12

Who should care

Users of Discourse versions from 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1 should apply patches or upgrades to prevent disclosure of whisper translation audit logs.

Technical summary

The vulnerability is rated CVSS 4.3 (MEDIUM severity) and affects Discourse versions from 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1. In these versions, bot debug endpoints disclose whisper translation audit logs. The weakness is classified as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor).

Defensive priority

MEDIUM

Recommended defensive actions

  • Upgrade to Discourse version 2026.1.4, 2026.3.1, 2026.4.1, or 2026.5.0-latest.1 or later.
  • Review and restrict access to bot debug endpoints.

Evidence notes

CVE-2026-44779 was published and modified on 2026-06-12T21:16:21.503Z. The vulnerability details were obtained from the official CVE record [cve-org] and NVD detail [nvd]. Additional information was found in the Discourse security advisory [ref-4].
