A vulnerability classified as problematic was found in Discourse up to 2026.1.1/2026.2.0/2026.3.0-latest. It affects an unknown function of the component policy_enabled Handler. Manipulation can lead to incorrect authorization. The vulnerability is tracked as CVE-2026-28282. The attack can be executed remotely. No exploit is available. You should upgrade the affected component.