Description

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an authorization bypass in the poll plugin allowed authenticated users to vote on, remove votes from, or toggle the open/closed status of polls they did not have access to. By passing post_id as an array (e.g. post_id[]=&post_id[]=), the authorization check resolves to the accessible post while the poll lookup resolves to a different post's poll. This affects the vote, remove_vote, and toggle_status endpoints in DiscoursePoll::PollsController. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch.

INFO

Published Date :

2026-03-20T03:07:14.755Z

Last Modified :

2026-03-20T15:46:27.399Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-31805 vulnerability.

Vendors Products
Discourse
  • Discourse
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-31805.

URL Resource
https://github.com/discourse/discourse/commit/1a6b3cdd8939053f485a60a6ea004a40878392c4 cve-icon cve-icon
https://github.com/discourse/discourse/security/advisories/GHSA-fgxm-prjv-g823 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact