7.5

CVE-2026-32995

The Rocket.Chat DDP method autoTranslate.translateMessage in versions <8.5.0, <8.4.2, <8.3.4, <8.2.4, <8.1.5, <8.0.5, <7.13.8, and <7.10.12 accepts a client-supplied IMessage object and passes it directly to translateMessage() without checking Meteor.userId() or verifying room membership. Any authenticated DDP user can read the content of any message by ID from any room (private channels, DMs, E2EE rooms) by calling this method.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerRocket.Chat
Produkt Rocket.Chat
Default Statusunaffected
Version 8.5.0
Version < 8.5.0
Status affected
Version 8.4.0
Version < 8.4.2
Status affected
Version 8.3.0
Version < 8.3.4
Status affected
Version 8.2.0
Version < 8.2.4
Status affected
Version 8.1.0
Version < 8.1.5
Status affected
Version 8.0.0
Version < 8.0.6
Status affected
Version 7.13.0
Version < 7.13.8
Status affected
Version 7.10.0
Version < 7.10.12
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.28% 0.198
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
support@hackerone.com 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://hackerone.com/reports/3734326
https://github.com/RocketChat/Rocket.Chat/pull/40528