CVE-2026-32995_CVE-2026-32995

7.5 / 10

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Description

The Rocket.Chat DDP method autoTranslate.translateMessage in versions <8.5.0, <8.4.2, <8.3.4, <8.2.4, <8.1.5, <8.0.5, <7.13.8, and <7.10.12 accepts a client-supplied IMessage object and passes it directly to translateMessage() without checking Meteor.userId() or verifying room membership. Any authenticated DDP user can read the content of any message by ID from any room (private channels, DMs, E2EE rooms) by calling this method.

Basic Information

ID CVE-2026-32995

Source hackerone

Published May 28, 2026 at 04:01

Affected Product

Vendor Rocket.Chat

Product Rocket.Chat

Version 8.5.0

Affected Versions Rocket.Chat Rocket.Chat 8.5.0
Rocket.Chat Rocket.Chat 8.4.0
Rocket.Chat Rocket.Chat 8.3.0
Rocket.Chat Rocket.Chat 8.2.0
Rocket.Chat Rocket.Chat 8.1.0
Rocket.Chat Rocket.Chat 8.0.0
Rocket.Chat Rocket.Chat 7.13.0
Rocket.Chat Rocket.Chat 7.10.0

CWE Classification

CWE-284

References

{
    "lastseen": "",
    "description": "The Rocket.Chat DDP method autoTranslate.translateMessage in versions <8.5.0, <8.4.2, <8.3.4, <8.2.4, <8.1.5, <8.0.5, <7.13.8, and <7.10.12 accepts a client-supplied IMessage object and passes it directly to translateMessage() without checking Meteor.userId() or verifying room membership. Any authenticated DDP user can read the content of any message by ID from any room (private channels, DMs, E2EE rooms) by calling this method.",
    "published": "2026-05-28T04:01:37.645Z",
    "modified": "2026-05-28T04:01:37.645Z",
    "type": "cve",
    "title": "CVE-2026-32995",
    "source": "hackerone",
    "references": "https://hackerone.com/reports/3734326\nhttps://github.com/RocketChat/Rocket.Chat/pull/40528",
    "id": "CVE-2026-32995",
    "bulletinFamily": "",
    "cwe": [
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "Rocket.Chat Rocket.Chat 8.5.0\nRocket.Chat Rocket.Chat 8.4.0\nRocket.Chat Rocket.Chat 8.3.0\nRocket.Chat Rocket.Chat 8.2.0\nRocket.Chat Rocket.Chat 8.1.0\nRocket.Chat Rocket.Chat 8.0.0\nRocket.Chat Rocket.Chat 7.13.0\nRocket.Chat Rocket.Chat 7.10.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Rocket.Chat",
    "version": "8.5.0",
    "vendor": "Rocket.Chat",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}