CVE-2026-29198

UNKNOWN 0.0

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In Rocket.Chat <8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11.6, and <7.10.9, a NoSQL injection vulnerability can lead to account takeover of the first user with a generated token when an OAuth app is configured.

Vendor	rocket.chat
Product	rocket.chat
Published	Apr 22, 2026

Stay Ahead of the Next One

Get instant alerts for rocket.chat rocket.chat

Be the first to know when new unknown vulnerabilities affecting rocket.chat rocket.chat are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Rocket.Chat / Rocket.Chat

All versions affected

References

NVD ↗ CVE.org ↗ EPSS Data ↗

hackerone.com: https://hackerone.com/reports/3564655 github.com: https://github.com/RocketChat/Rocket.Chat/pull/39492