CVE-2025-68479 – Discourse subscriptions are susceptible to takeover

CVE ID : CVE-2025-68479

Published : Jan. 28, 2026, 6:34 p.m. | 34 minutes ago

Description : Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, some subscription endpoints lack proper checking for ownership before making changes. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. No known workarounds are available.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…