PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-45788 discourse CVE debrief

CVE-2026-45788 is a vulnerability in Discourse that could expose secure uploads when an attacker knows the secured upload URL and the secure_uploads site setting is enabled. The issue was fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5. This vulnerability has a medium severity and is related to the pull_hotlinked_images feature. Users of Discourse, especially those who have enabled secure uploads, should be aware of this vulnerability and update to a patched version.

Vendor
discourse
Product
Unknown
CVSS
MEDIUM 6.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-09
Original CVE updated
2026-07-10
Advisory published
2026-07-09
Advisory updated
2026-07-10

Who should care

Users of Discourse, especially those who have enabled secure uploads, should be aware of this vulnerability and update to a patched version. This vulnerability may impact operators who use Discourse for their platforms, as well as security teams and vulnerability management teams who need to assess and mitigate the risk.

Technical summary

The vulnerability exists in the pull_hotlinked_images feature of Discourse. When an attacker knows the secured upload URL and the secure_uploads site setting is enabled, they could potentially expose secure uploads. This issue has been addressed with the release of Discourse versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5. The vulnerability has a CVSS score of 6.3 and a medium severity. Users of Discourse, especially those who have enabled secure uploads, should be aware of this vulnerability and update to a patched version. Affected deployments may exist in managed environments and require verification. Operators should review compensating controls for exposed systems while remediation is scheduled and verified.

Defensive priority

Medium priority due to the specific conditions required for exploitation.

Recommended defensive actions

  • Update Discourse to version 2026.6.0, 2026.5.1, 2026.4.2, or 2026.1.5, or later
  • Review and adjust the secure_uploads site setting
  • Monitor for unusual activity related to secure uploads
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up

Evidence notes

The CVE record was published on 2026-07-09T22:17:04.933Z and last modified on 2026-07-10T15:53:08.640Z. The NVD entry is currently Undergoing Analysis. There is limited information available about the vulnerability, and defenders should verify the affected scope and severity with the vendor. The secure uploads feature in Discourse could be potentially exposed if an attacker knows the secured upload URL and the secure_uploads site setting is enabled.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T22:17:04.933Z and has not been modified since then. The NVD entry is currently Undergoing Analysis.