CVE-2026-27152 | Discourse up to 2025.12.1/2026.1.0 Chat::AddUsersToChannel access control

A vulnerability was found in Discourse up to 2025.12.1/2026.1.0 and classified as critical. The impacted element is the function Chat::AddUsersToChannel. Executing a manipulation can lead to improper access controls.

This vulnerability appears as CVE-2026-27152. The attack may be performed from remote. There is no available exploit.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More