CVE-2026-34154

Vulnerability Description

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, a vulnerability in the discourse-subscriptions plugin allows users to gain access to subscription-gated groups without completing payment. This issue has been fixed in versions 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1.

Related Weaknesses (CWE)

CWE-862

References

https://github.com/discourse/discourse/security/advisories/GHSA-pjgj-7mjq-6j7g

FAQ

What is CVE-2026-34154?

CVE-2026-34154 is a documented vulnerability. Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, a vulnerability in the discourse-subscriptions plugin allows users to gain ac...

How severe is CVE-2026-34154?

CVSS scoring is not yet available for CVE-2026-34154. Check NVD for updates.

Is there a patch for CVE-2026-34154?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.