Security Advisory

CVE-2026-29072

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-19 21:49:33

Last updated 2026-03-20 16:27:46

Assigner GitHub_M

State PUBLISHED

Description

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users who do not belong to the allowed policy creation groups can create functional policy acceptance widgets in posts under the right conditions. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. As a workaround, disable the discourse-policy plugin by disabling the `policy_enabled` site setting.

← Browse all CVEs View on cve.org ↗