CVE-2026-27151 | Discourse up to 2025.12.1/2026.1.0 move_posts authorization

February 26, 2026 Yanac

A vulnerability has been found in Discourse up to 2025.12.1/2026.1.0 and classified as problematic. The affected element is the function move_posts. Performing a manipulation results in missing authorization.

This vulnerability is reported as CVE-2026-27151. The attack is possible to be carried out remotely. No exploit exists.

The affected component should be upgraded.VulDB Recent EntriesRead More