{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27740", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-23T18:37:14.790Z", "datePublished": "2026-03-19T20:56:17.272Z", "dateUpdated": "2026-03-19T20:56:17.272Z"}, "containers": {"cna": {"title": "Discourse has Stored XSS in AI Triage Automation", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/discourse/discourse/security/advisories/GHSA-95hc-42c6-wvvr", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-95hc-42c6-wvvr"}, {"name": "https://github.com/discourse/discourse/commit/44b84439df7e4424b2e7f216fd8fdd7dacff2227", "tags": ["x_refsource_MISC"], "url": "https://github.com/discourse/discourse/commit/44b84439df7e4424b2e7f216fd8fdd7dacff2227"}, {"name": "https://github.com/discourse/discourse/commit/8ae7cb2414d6918d7fc45e1fda7ffbb32912a975", "tags": ["x_refsource_MISC"], "url": "https://github.com/discourse/discourse/commit/8ae7cb2414d6918d7fc45e1fda7ffbb32912a975"}, {"name": "https://github.com/discourse/discourse/commit/ed70949f2c047196f33cfa94f2819df29c5d1e5f", "tags": ["x_refsource_MISC"], "url": "https://github.com/discourse/discourse/commit/ed70949f2c047196f33cfa94f2819df29c5d1e5f"}], "affected": [{"vendor": "discourse", "product": "discourse", "versions": [{"version": ">= 2026.1.0-latest, < 2026.1.2", "status": "affected"}, {"version": ">= 2026.2.0-latest, < 2026.2.1", "status": "affected"}, {"version": "= 2026.3.0-latest", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-19T20:56:17.272Z"}, "descriptions": [{"lang": "en", "value": "Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a cross-site scripting vulnerability that arises because the system trusts the raw output from an AI Large Language Model (LLM) and renders it using htmlSafe in the Review Queue interface without adequate sanitization. A malicious attacker can use valid Prompt Injection techniques to force the AI to return a malicious payload (e.g., tags). When a Staff member (Admin/Moderator) views the flagged post in the Review Queue, the payload executes. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. As a workaround, temporarily disable AI triage automation scripts."}], "source": {"advisory": "GHSA-95hc-42c6-wvvr", "discovery": "UNKNOWN"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a cross-site scripting vulnerability that arises because the system trusts the raw output from an AI Large Language Model (LLM) and renders it using htmlSafe in the Review Queue interface without adequate sanitization. A malicious attacker can use valid Prompt Injection techniques to force the AI to return a malicious payload (e.g., tags). When a Staff member (Admin/Moderator) views the flagged post in the Review Queue, the payload executes. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. As a workaround, temporarily disable AI triage automation scripts."}], "id": "CVE-2026-27740", "lastModified": "2026-03-19T21:17:09.410", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-19T21:17:09.410", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/discourse/discourse/commit/44b84439df7e4424b2e7f216fd8fdd7dacff2227"}, {"source": "security-advisories@github.com", "url": "https://github.com/discourse/discourse/commit/8ae7cb2414d6918d7fc45e1fda7ffbb32912a975"}, {"source": "security-advisories@github.com", "url": "https://github.com/discourse/discourse/commit/ed70949f2c047196f33cfa94f2819df29c5d1e5f"}, {"source": "security-advisories@github.com", "url": "https://github.com/discourse/discourse/security/advisories/GHSA-95hc-42c6-wvvr"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[2026.1.0-latest,2026.1.2)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[2026.2.0-latest,2026.2.1)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2026.3.0-latest"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "discourse", "source": "cna", "vendor": "discourse"}, "product": "discourse", "vendor": "discourse"}], "analysis": {"en": {"generated_at": "2026-03-19T22:26:00.435920+00:00", "value": {"mitigation_remediation": ["Apply the official Discourse patch to version 2026.3.0-latest.1 or later"], "summary": {"action": "Patch Now", "impact": "Stored XSS affecting staff console"}, "threat_synthesis": {"affected_systems": "The affected product is the open\u2011source Discourse discussion platform. Vulnerable versions are any released before 2026.3.0-latest.1, 2026.2.1, or 2026.1.2. Versions 2026.3.0-latest.1, 2026.2.1 and 2026.1.2 contain a patch that resolves the issue. The public advisory is linked for reference.", "description_and_impact": "Discourse versions prior to 2026.3.0-latest.1, 2026.2.1 and 2026.1.2 contain a stored cross\u2011site scripting vulnerability that arises from the system trusting raw output from an AI Large Language Model and rendering it with htmlSafe in the Review Queue interface without sanitization. A malicious attacker can exploit prompt injection techniques to generate a malicious payload that executes when a Staff member (Admin/Moderator) views the flagged post, allowing the attacker to run arbitrary script in the victim\u2019s browser context. This is a CWE\u201179 type vulnerability.", "risk_and_exploitability": "The published CVSS score is 5.1, classifying the vulnerability as a medium severity issue. EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be local, as it requires an attacker to supply a malicious prompt to the LLM that is then rendered by a staff member viewing the Review Queue. Without the official patch or disabling the automation scripts, the vulnerability could be exploited by privileged users or through compromised staff accounts to inject and execute scripts in the admin interface."}}}}, "created": "2026-03-20T08:56:05.566602+00:00", "updated": "2026-03-20T11:06:15.324858+00:00", "vendors": ["discourse", "discourse$PRODUCT$discourse"]}