CVE-2026-29197
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
In versions <8.4.0, <8.3.2, <8.2.2, <8.1.3, <8.0.4, <7.13.6, <7.12.7, <7.11.7, and <7.10.10, the endpoints /api/apps/logs and /api/apps/:id/logs have a typo in the required permission check, allowing authenticated users without the proper permissions to read apps-engine logs.
| CWE | CWE-284 |
| Vendor | rocket.chat |
| Product | rocket.chat |
| Published | Apr 23, 2026 |
Stay Ahead of the Next One
Get instant alerts for rocket.chat rocket.chat
Be the first to know when new unknown vulnerabilities affecting rocket.chat rocket.chat are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Rocket.Chat / Rocket.Chat
8.4.0 < 8.4.0 8.3.2 < 8.3.2 8.2.2 < 8.2.2 8.1.3 < 8.1.3 8.0.4 < 8.0.4 7.13.6 < 7.13.6 7.12.7 < 7.12.7 7.11.7 < 7.11.7 7.10.10 < 7.10.10