CVE-2026-26979 | Discourse up to 2025.12.1/2026.1.0 Private Category authorization
A vulnerability classified as problematic was found in Discourse up to 2025.12.1/2026.1.0. Affected by this vulnerability is an unknown functionality of the component Private Category Handler. Executing a manipulation can lead to missing authorization.
This vulnerability is registered as CVE-2026-26979. It is possible to launch the attack remotely. No exploit is available.
Upgrading the affected component is advised.