A vulnerability has been found in Discourse up to 2026.1.1/2026.2.0/2026.3.0-latest and classified as problematic . Affected is an unknown function of the component policy_enabled Setting Handler . The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2026-29072 . The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.