CVE-2026-32995

HIGH SEVERITY

CVSS Score & Metrics

Base Score

7.5 / 10

Vector String

                                        CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N                                    

Vulnerability Description

The Rocket.Chat DDP method autoTranslate.translateMessage in versions <8.5.0, <8.4.2, <8.3.4, <8.2.4, <8.1.5, <8.0.5, <7.13.8, and <7.10.12 accepts a client-supplied IMessage object and passes it directly to translateMessage() without checking Meteor.userId() or verifying room membership. Any authenticated DDP user can read the content of any message by ID from any room (private channels, DMs, E2EE rooms) by calling this method.

Vulnerability Details

Published Date

May 28, 2026

Last Modified

May 28, 2026

CWE ID

CWE-284

Source

NVD

Vendor

Rocket.Chat

Product

Rocket.Chat

External References

https://github.com/RocketChat/Rocket.Chat/pull/40528
https://hackerone.com/reports/3734326

CVE-2026-32995

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment