High
resolved
resolved
Denial of Service (DoS) Vulnerability in Drafts Creation Endpoint
Bug reported by dpaysm was disclosed at June 30, 2026, 2:28 am | Uncontrolled Resource Consumption
A Denial of Service (DoS) vulnerability was identified in the /drafts.json endpoint on the Discourse forum. Large payloads (around 800,000 characters or more) submitted to create drafts caused the server to process the request, return a 502 Bad Gateway error, but still save the draft. Submitting multiple such large drafts led to significant server delays, with response times exceeding 32 seconds, indicating resource exhaustion.

