Discourse — CVE-2026-32244 Cached AI Summaries Leak Removed Content

AI relevance: When AI-generated content is cached independently from its source material, updates or deletions to the original content don't automatically invalidate the cached AI output — creating a data-exposure gap that persists until someone regenerates the summary, which anonymous and unprivileged users cannot do.

What happened

Discourse, one of the most widely deployed open-source forum platforms, patched CVE-2026-32244 in its May 19, 2026 intermediate releases. The vulnerability affects every deployment with the AI summarize feature enabled that runs a version prior to 2026.1.4, 2026.3.1, 2026.4.1, or 2026.5.0-latest.1.

  • Stale AI summaries persist after content removal. When a thread or post is edited, deleted, or redacted after an AI summary has been generated and cached, the cached summary still contains details from the original content.
  • Anonymous and unprivileged users can read the leaked data. Users who lack permission to view the original (now-removed or restricted) content can still read the AI summary containing that same information.
  • No automatic cache invalidation. The vulnerability persists because the cache is not invalidated when source content changes. Only a user with regeneration privileges can refresh the summary — anonymous visitors cannot.
  • Patches issued across four stable branches. Discourse released intermediate security fixes covering all active release lines, confirming the issue was treated as a priority.

Why it matters

  • A fundamental AI caching pattern flaw. This isn't unique to Discourse — any system that caches AI-generated summaries, translations, or extracts independently from the source content faces the same risk. When source data is modified or deleted, the cached AI output becomes a shadow copy of now-revoked information.
  • Privacy and compliance implications. Organizations running Discourse forums with AI summarization enabled and subject to GDPR, HIPAA, or internal compliance requirements may have inadvertently exposed deleted content through stale summaries.
  • Asymmetric visibility. The users most likely to encounter the leaked data (anonymous or unprivileged) are the least able to tell whether the content they're reading via a summary still exists or has since been redacted.

What to do

  • Update Discourse to the patched versions: 2026.1.4, 2026.3.1, 2026.4.1, or 2026.5.0-latest.1.
  • If you run AI summarize features, audit whether cached summaries may have exposed deleted or restricted content to users without access to the originals.
  • Review any AI-generated content caching in your stack: implement cache invalidation tied to source content lifecycle events (edit, delete, restrict).
  • Consider adding version or content-hash metadata to cached AI outputs so staleness can be detected automatically.
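The following Ruby example is added here to illustrate both the stale-cache pattern described under "What happened" and the two mitigations in the last bullets (invalidation on lifecycle events, and a content digest stored with the cached output). It is not Discourse's code; the `Topic`, `Post`, `NaiveSummaryCache` and `GuardedSummaryCache` classes, the `summarize` stand-in for the AI call, and the sample posts are all constructed for this demonstration.

```ruby
require 'digest'

# Constructed stand-in for a forum topic and its posts; not Discourse's own models.
Post = Struct.new(:id, :raw, :deleted) do
  def visible?
    !deleted
  end
end

class Topic
  attr_reader :id, :posts, :restricted

  def initialize(id, posts, restricted: false)
    @id = id
    @posts = posts
    @restricted = restricted
  end

  # Fingerprint of exactly the material a summary is generated from. Any edit,
  # deletion, or change to the topic's access restriction changes the digest.
  def content_digest
    material = posts.select(&:visible?).map { |p| "#{p.id}:#{p.raw}" }.join("\n")
    Digest::SHA256.hexdigest("restricted=#{restricted}\n#{material}")
  end

  def edit_post(post_id, new_raw)
    posts.find { |p| p.id == post_id }.raw = new_raw
  end

  def delete_post(post_id)
    posts.find { |p| p.id == post_id }.deleted = true
  end

  def restrict!
    @restricted = true
  end
end

# The vulnerable pattern: the summary is keyed only by topic id and served to
# anyone, so it outlives the content it was built from.
class NaiveSummaryCache
  def initialize
    @entries = {}
  end

  def store(topic, text)
    @entries[topic.id] = text
  end

  def fetch(topic, reader_can_view_topic:)
    @entries[topic.id]
  end
end

# The hardened pattern: each entry records the source digest it was built from,
# the read path re-checks the reader's permission and the digest, and
# lifecycle events can evict entries eagerly via invalidate.
class GuardedSummaryCache
  Entry = Struct.new(:text, :digest)

  def initialize
    @entries = {}
  end

  def store(topic, text)
    @entries[topic.id] = Entry.new(text, topic.content_digest)
  end

  def fetch(topic, reader_can_view_topic:)
    return nil unless reader_can_view_topic
    entry = @entries[topic.id]
    return nil unless entry
    if entry.digest != topic.content_digest
      @entries.delete(topic.id) # stale: evict instead of serving it
      return nil
    end
    entry.text
  end

  # Hook for edit/delete/restrict events, so staleness is not only caught on read.
  def invalidate(topic_id)
    @entries.delete(topic_id)
  end
end

# Toy summarizer standing in for the AI call: first three words of each visible post.
def summarize(topic)
  topic.posts.select(&:visible?).map { |p| p.raw.split.first(3).join(' ') }.join(' / ')
end

# Walk a cache through the advisory's scenario: summary generated, a sensitive
# post removed, then an anonymous reader and a member each request the summary.
def run_scenario(cache_class)
  topic = Topic.new(42, [Post.new(1, 'Alice pasted the staging password', false),
                         Post.new(2, 'Bob replied thanks', false)])
  cache = cache_class.new
  cache.store(topic, summarize(topic))
  topic.delete_post(1) # moderator removes the sensitive post
  {
    anonymous_after_delete: cache.fetch(topic, reader_can_view_topic: false),
    member_after_delete: cache.fetch(topic, reader_can_view_topic: true)
  }
end

puts run_scenario(NaiveSummaryCache).inspect if __FILE__ == $PROGRAM_NAME
puts run_scenario(GuardedSummaryCache).inspect if __FILE__ == $PROGRAM_NAME
```

With the naive cache both readers still receive the summary built from the deleted post; with the guarded cache the anonymous reader is refused on the permission check and the member gets nothing until the summary is regenerated from current content. The digest check is a read-time backstop for the case where an event hook was missed; in production you would call `invalidate` from the same code path that edits, deletes or restricts a post.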

Sources