Is Discourse 3.5.4 patched?
Current stable (2026.5.0): 74/100
3.5.4 has 4 open critical-or-high vulnerabilities. Run 2026.1.4 or later to clear them.
Summary
Plain-English security status for Discourse 3.5.4, built from its CVEs, active-exploitation data, end-of-life date and latest release.
Discourse 3.5.4 is part of the 3.5 release line. 34 known vulnerabilities affect it. The minimum safe version is 2026.1.4 — upgrade to it or later to clear the open critical/high issues. The 3.5 line reached end-of-life on 2026-01-28, so it no longer receives security patches. The latest supported Discourse release is 2026.5.0.
Known issues affecting 3.5.4
Sorted with exploited issues first, then by exploitation probability (EPSS).
CVE-2021-41082 HIGH EPSS 2% → fixed in 2021-09-14
CVE-2026-45775 MEDIUM EPSS 0% → fixed in 2026.4.1
CVE-2026-27021 MEDIUM EPSS 0% → fixed in 2026.1.1
CVE-2025-59337 MEDIUM EPSS 0% → fixed in 3.6.0
CVE-2025-61598 MEDIUM EPSS 0% → fixed in 3.6.0
CVE-2026-44786 HIGH EPSS 0% → fixed in 2026.4.1
CVE-2026-26077 MEDIUM EPSS 0% → fixed in 2026.1.1
CVE-2026-26265 HIGH EPSS 0% → fixed in 2026.1.1
CVE-2025-58055 MEDIUM EPSS 0% → fixed in 3.6.0
CVE-2026-44784 MEDIUM EPSS 0% → fixed in 2026.4.1
CVE-2026-27162 MEDIUM EPSS 0% → fixed in 2026.1.1
CVE-2026-27149 MEDIUM EPSS 0% → fixed in 2026.1.1
CVE-2026-26078 HIGH EPSS 0% → fixed in 2026.1.1
CVE-2026-44779 MEDIUM EPSS 0% → fixed in 2026.4.1
CVE-2026-47264 MEDIUM EPSS 0% → fixed in 2026.4.1
CVE-2026-28219 MEDIUM EPSS 0% → fixed in 2026.1.1
CVE-2026-45085 MEDIUM EPSS 0% → fixed in 2026.4.1
CVE-2026-27166 MEDIUM EPSS 0% → fixed in 2026.3.0
CVE-2025-58054 LOW EPSS 0% → fixed in 3.6.0
CVE-2026-28227 LOW EPSS 0% → fixed in 2026.1.1
Frequently asked
Is Discourse 3.5.4 patched?
Discourse 3.5.4 is end-of-life and no longer receives security patches. Move to 2026.5.0.
What version should I upgrade Discourse 3.5.4 to?
Upgrade Discourse 3.5.4 to at least 2026.1.4 to clear its 4 open critical-or-high vulnerabilities.
When does Discourse 3.5 reach end-of-life?
Discourse 3.5 reached end-of-life on 2026-01-28 and no longer receives security patches.
What is the latest version of Discourse?
The latest supported Discourse release is 2026.5.0.
Is Discourse 3.5.4 still receiving security updates?
No — Discourse 3.5.4 is on the 3.5 line, which reached end-of-life on 2026-01-28 and no longer receives security updates. Upgrade to 2026.5.0 or later to stay supported.
Informational only, from public data (NVD · CISA KEV · EPSS · endoflife.date), and can lag or miss vendor-specific fixes. Always confirm against Discourse's official advisory before you patch or upgrade.