NIXPKGS-2026-0436

GitHub issue published on

Permalink CVE-2026-27021

updated 2 months, 4 weeks ago by @LeSuisse Activity log

Created suggestion 2 months, 4 weeks ago
@LeSuisse ignored
5 packages
- discourse-mail-receiver
- python312Packages.pydiscourse
- python313Packages.pydiscourse
- python314Packages.pydiscourse
- grafanaPlugins.grafana-discourse-datasource
2 months, 4 weeks ago
@LeSuisse accepted 2 months, 4 weeks ago
@LeSuisse published on GitHub 2 months, 4 weeks ago

Discourse: Poll voters endpoint lacked post visibility checks

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the voters endpoint in the poll plugin lacked post visibility checks which allowed unauthorized access to voters details of polls in any post. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available.

References

https://github.com/discourse/discourse/security/advisories/GHSA-f5m5-9hpw-7c2g x_refsource_CONFIRM

Affected products

discourse

==< 2025.12.2
==>= 2026.2.0-latest, < 2026.2.0
==>= 2026.1.0-latest, < 2026.1.1

Matching in nixpkgs

pkgs.discourse

Discourse is an open source discussion platform

nixos-unstable 2025.12.1
- nixpkgs-unstable 2025.12.1
- nixos-unstable-small 2025.12.1
nixos-25.11 2025.12.1
- nixos-25.11-small 2025.12.1
- nixpkgs-25.11-darwin 2025.12.1

pkgs.discourseAllPlugins

Discourse is an open source discussion platform

nixos-unstable 2025.12.1
- nixpkgs-unstable 2025.12.1
- nixos-unstable-small 2025.12.1
nixos-25.11 2025.12.1
- nixos-25.11-small 2025.12.1
- nixpkgs-25.11-darwin 2025.12.1

Ignored packages (5)

pkgs.discourse-mail-receiver

Helper program which receives incoming mail for Discourse

nixos-unstable 4.1.0
- nixpkgs-unstable 4.1.0
- nixos-unstable-small 4.1.0
nixos-25.11 4.1.0
- nixos-25.11-small 4.1.0
- nixpkgs-25.11-darwin 4.1.0

pkgs.python312Packages.pydiscourse

Python library for working with Discourse

nixos-25.11 1.7.0
- nixos-25.11-small 1.7.0
- nixpkgs-25.11-darwin 1.7.0

pkgs.python313Packages.pydiscourse

Python library for working with Discourse

nixos-unstable 1.7.0
- nixpkgs-unstable 1.7.0
- nixos-unstable-small 1.7.0
nixos-25.11 1.7.0
- nixos-25.11-small 1.7.0
- nixpkgs-25.11-darwin 1.7.0

pkgs.python314Packages.pydiscourse

Python library for working with Discourse

nixos-unstable 1.7.0
- nixpkgs-unstable 1.7.0
- nixos-unstable-small 1.7.0

pkgs.grafanaPlugins.grafana-discourse-datasource

Allows users to search and view topics, posts, users, tags, categories, and reports on a given Discourse forum through Grafana

nixos-unstable 2.0.2
- nixpkgs-unstable 2.0.2
- nixos-unstable-small 2.0.2
nixos-25.11 2.0.2
- nixos-25.11-small 2.0.2
- nixpkgs-25.11-darwin 2.0.2

Package maintainers

@talyz Kim Lindberger <kim.lindberger@gmail.com>

Upstream advisory: https://github.com/discourse/discourse/security/advisories/GHSA-f5m5-9hpw-7c2g

Nixpkgs security tracker

Details of issue NIXPKGS-2026-0436

References

Affected products

Matching in nixpkgs

pkgs.discourse

pkgs.discourseAllPlugins

pkgs.discourse-mail-receiver

pkgs.python312Packages.pydiscourse

pkgs.python313Packages.pydiscourse

pkgs.python314Packages.pydiscourse

pkgs.grafanaPlugins.grafana-discourse-datasource

Package maintainers