CVE-2026-26077 | Discourse up to 2025.12.1/2026.1.0 Webhook Endpoint WebhooksController improper authentication

A vulnerability was found in Discourse up to 2025.12.1/2026.1.0. It has been declared as critical. Impacted is the function WebhooksController of the component Webhook Endpoint. Such manipulation leads to improper authentication.

This vulnerability is referenced as CVE-2026-26077. It is possible to launch the attack remotely. No exploit is available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More