CVE-2026-31805HIGH 8.2EPSS p11.7%

CVE-2026-31805CVE-2026-31805

Description

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an authorization bypass in the poll plugin allowed authenticated users to vote on, remove votes from, or toggle the open/closed status of polls they did not have access to. By passing post_id as an array (e.g. post_id[]=&post_id[]=), the authorization check resolves to the accessible post while the poll lookup resolves to a different post's poll. This affects the vote, remove_vote, and toggle_status endpoints in DiscoursePoll::PollsController. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch.

Scoring

CVSS 3.18.2 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
EPSS0.21% probability of exploitation · percentile 11.7% · 2026-06-18T12:00:27Z
Published2026-03-20
Last modified2026-03-24

Underlying weaknesses· 2

CWE-20CWE-863

References

  1. https://github.com/discourse/discourse/commit/1a6b3cdd8939053f485a60a6ea004a40878392c4
  2. https://github.com/discourse/discourse/security/advisories/GHSA-fgxm-prjv-g823

2

TypeTargetConfidenceTier
WeaknessImproper Input Validationcwe-200%live
WeaknessIncorrect Authorizationcwe-8630%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-33514
CVE
CVE-2025-23023
CVE
CVE-2026-34154
CVE
CVE-2026-32244
CVE
CVE-2025-48877
CVE
CVE-2025-53102
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.