CVE-2026-34154

EUVD-2026-30969
Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, a  vulnerability in the discourse-subscriptions plugin allows users to gain access to subscription-gated groups without completing payment. This issue has been fixed in versions 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 11%
Affected Products (NVD)
VendorProductVersion
discoursediscourse
2026.1.0 ≤
𝑥
< 2026.1.4
discoursediscourse
2026.3.0 ≤
𝑥
< 2026.3.1
discoursediscourse
2026.4.0 ≤
𝑥
< 2026.4.1
discoursediscourse
2026.5.0
𝑥
= Vulnerable software versions