ГлавнаяУязвимости → CVE-2026-55420
7.5высокая

CVE-2026-55420

Описание

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, under certain non-default configurations, processing of PDF uploads could be exploited to obtain RCE on the server. This issue is patched in 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5.

Затрагиваемое ПО
Discourse Discourse
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/discourse/discourse/commit/ca5a7e06167561928556afa2f237d67e459c6914https://github.com/discourse/discourse/releases/tag/v2026.1.5https://github.com/discourse/discourse/releases/tag/v2026.4.2https://github.com/discourse/discourse/releases/tag/v2026.5.1https://github.com/discourse/discourse/releases/tag/v2026.6.0https://github.com/discourse/discourse/security/advisories/GHSA-7wq5-jgww-5rw3