CVE-2026-27021 - Discourse: Poll voters endpoint lacked post visibility checks

CVE ID : CVE-2026-27021 Published : Feb. 26, 2026, 9:28 p.m. | 37 minutes ago Description : Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the voters endpoint in the poll plugin lacked post visibility checks which allowed unauthorized access to voters details of polls in any post. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available. Severity: 6.9 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...