{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27570", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-20T17:40:28.448Z", "datePublished": "2026-03-19T20:52:17.572Z", "dateUpdated": "2026-03-24T19:43:07.713Z"}, "containers": {"cna": {"title": "Discourse Vulnerable to Stored XSS via Shared AI Conversation Onebox", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/discourse/discourse/security/advisories/GHSA-hfxw-89hw-vwmv", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-hfxw-89hw-vwmv"}, {"name": "https://github.com/discourse/discourse/commit/43a5a60b595f0120e6adfc131f2408508fe341f1", "tags": ["x_refsource_MISC"], "url": "https://github.com/discourse/discourse/commit/43a5a60b595f0120e6adfc131f2408508fe341f1"}, {"name": "https://github.com/discourse/discourse/commit/c14f8f52b7999328bd9f8665f2ecfa24dadc4bf1", "tags": ["x_refsource_MISC"], "url": "https://github.com/discourse/discourse/commit/c14f8f52b7999328bd9f8665f2ecfa24dadc4bf1"}, {"name": "https://github.com/discourse/discourse/commit/f2aafa5c7467c94fcd4ebd36785a98e77ca088cc", "tags": ["x_refsource_MISC"], "url": "https://github.com/discourse/discourse/commit/f2aafa5c7467c94fcd4ebd36785a98e77ca088cc"}], "affected": [{"vendor": "discourse", "product": "discourse", "versions": [{"version": ">= 2026.1.0-latest, < 2026.1.2", "status": "affected"}, {"version": ">= 2026.2.0-latest, < 2026.2.1", "status": "affected"}, {"version": "= 2026.3.0-latest", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-19T20:52:17.572Z"}, "descriptions": [{"lang": "en", "value": "Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the onebox method in the SharedAiConversation model renders the conversation title directly into HTML without proper sanitization. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. As a workaround, tighten access by changing the `ai_bot_public_sharing_allowed_groups` site setting."}], "source": {"advisory": "GHSA-hfxw-89hw-vwmv", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T19:32:54.719699Z", "id": "CVE-2026-27570", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T19:43:07.713Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27570", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-24T19:32:54.719699Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T19:35:14.552Z"}}], "cna": {"title": "Discourse Vulnerable to Stored XSS via Shared AI Conversation Onebox", "source": {"advisory": "GHSA-hfxw-89hw-vwmv", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW"}}], "affected": [{"vendor": "discourse", "product": "discourse", "versions": [{"status": "affected", "version": ">= 2026.1.0-latest, < 2026.1.2"}, {"status": "affected", "version": ">= 2026.2.0-latest, < 2026.2.1"}, {"status": "affected", "version": "= 2026.3.0-latest"}]}], "references": [{"url": "https://github.com/discourse/discourse/security/advisories/GHSA-hfxw-89hw-vwmv", "name": "https://github.com/discourse/discourse/security/advisories/GHSA-hfxw-89hw-vwmv", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/discourse/discourse/commit/43a5a60b595f0120e6adfc131f2408508fe341f1", "name": "https://github.com/discourse/discourse/commit/43a5a60b595f0120e6adfc131f2408508fe341f1", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/discourse/discourse/commit/c14f8f52b7999328bd9f8665f2ecfa24dadc4bf1", "name": "https://github.com/discourse/discourse/commit/c14f8f52b7999328bd9f8665f2ecfa24dadc4bf1", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/discourse/discourse/commit/f2aafa5c7467c94fcd4ebd36785a98e77ca088cc", "name": "https://github.com/discourse/discourse/commit/f2aafa5c7467c94fcd4ebd36785a98e77ca088cc", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the onebox method in the SharedAiConversation model renders the conversation title directly into HTML without proper sanitization. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. As a workaround, tighten access by changing the `ai_bot_public_sharing_allowed_groups` site setting."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-19T20:52:17.572Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27570", "state": "PUBLISHED", "dateUpdated": "2026-03-24T19:43:07.713Z", "dateReserved": "2026-02-20T17:40:28.448Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-19T20:52:17.572Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "4BE96625-3609-410C-B41E-4A824C1A57C0", "versionEndExcluding": "2026.1.2", "versionStartIncluding": "2026.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD31CF04-CF2F-4FB9-8880-9243BC7671A7", "versionEndExcluding": "2026.2.1", "versionStartIncluding": "2026.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2026.3.0:*:*:*:latest:*:*:*", "matchCriteriaId": "E3FE9277-4F6B-4FD0-991F-F0FB8D226E1C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the onebox method in the SharedAiConversation model renders the conversation title directly into HTML without proper sanitization. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. As a workaround, tighten access by changing the `ai_bot_public_sharing_allowed_groups` site setting."}, {"lang": "es", "value": "Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. Antes de las versiones 2026.3.0-latest.1, 2026.2.1 y 2026.1.2, el m\u00e9todo onebox en el modelo SharedAiConversation renderiza el t\u00edtulo de la conversaci\u00f3n directamente en HTML sin una sanitizaci\u00f3n adecuada. Las versiones 2026.3.0-latest.1, 2026.2.1 y 2026.1.2 contienen un parche. Como soluci\u00f3n alternativa, restrinja el acceso cambiando la configuraci\u00f3n del sitio 'ai_bot_public_sharing_allowed_groups'."}], "id": "CVE-2026-27570", "lastModified": "2026-03-25T00:59:29.893", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-19T21:17:09.250", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/discourse/discourse/commit/43a5a60b595f0120e6adfc131f2408508fe341f1"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/discourse/discourse/commit/c14f8f52b7999328bd9f8665f2ecfa24dadc4bf1"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/discourse/discourse/commit/f2aafa5c7467c94fcd4ebd36785a98e77ca088cc"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-hfxw-89hw-vwmv"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[2026.1.0-latest,2026.1.2)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[2026.2.0-latest,2026.2.1)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2026.3.0-latest"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "discourse", "source": "cna", "vendor": "discourse"}, "product": "discourse", "vendor": "discourse"}], "analysis": {"en": {"generated_at": "2026-03-25T03:25:21.167664+00:00", "value": {"mitigation_remediation": ["Upgrade Discourse to version 2026.3.0\u2011latest.1, 2026.2.1, or 2026.1.2 or later.", "If an upgrade is not immediately possible, restrict the shared AI conversation feature by adjusting the ai_bot_public_sharing_allowed_groups site setting to exclude untrusted user groups.", "Verify that no compromised conversation titles exist and ensure all stored titles are rendered safely before deploying the fixes."], "summary": {"action": "Patch", "impact": "Stored XSS via unsanitized conversation title"}, "threat_synthesis": {"affected_systems": "The affected product is Discourse, the open\u2011source discussion platform. Versions before 2026.3.0\u2011latest.1, 2026.2.1, and 2026.1.2 are vulnerable. These release lines include a patch that sanitizes the title. No other vendors or products are listed.", "description_and_impact": "The vulnerability arises when the SharedAiConversation onebox renders the conversation title directly into HTML without sanitizing user input, enabling an attacker to embed malicious scripts. Once a forged title is stored, any user who views that conversation will execute the script in their browser, potentially granting the attacker access to the user\u2019s session or credentials. This flaw is classified as CWE\u201179 \u2013 Improper Neutralization of Input During Web Page Generation.", "risk_and_exploitability": "The CVSS score of 5.1 indicates moderate severity, and the EPSS score of less than 1% suggests a low chance of exploitation. The vulnerability is not part of CISA\u2019s KEV catalog. Exploitation requires the attacker to be able to create a shared AI conversation \u2013 an action that is inferred to be authenticated and performed by a user with sufficient privileges. Once a malicious title is created, the stored XSS can be triggered for any user that visits the conversation page, giving the attacker a broad impact across the site."}}}}, "created": "2026-03-20T08:56:07.247203+00:00", "updated": "2026-03-25T11:54:56.399686+00:00", "vendors": ["discourse", "discourse$PRODUCT$discourse"]}