CVE-2026-32995
| CVSS Score | 7.5 |
| EPSS Score | 0.0% |
| EPSS Percentile | 11th |
The Rocket.Chat DDP method autoTranslate.translateMessage in versions <8.5.0, <8.4.2, <8.3.4, <8.2.4, <8.1.5, <8.0.5, <7.13.8, and <7.10.12 accepts a client-supplied IMessage object and passes it directly to translateMessage() without checking Meteor.userId() or verifying room membership. Any authenticated DDP user can read the content of any message by ID from any room (private channels, DMs, E2EE rooms) by calling this method.
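The two missing checks named above (caller identity and room membership) are the whole fix from a defender's point of view. The following is an added illustration, not Rocket.Chat's code: it contrasts a DDP-style server method that trusts a client-supplied message object with one that resolves the message server-side by ID and authorizes the caller before returning any text. The in-memory `rooms` and `messages` stores, the `context.userId` field, the error codes and the function names are all constructed for this example.

```javascript
// Added example (not Rocket.Chat code). Models the authorization a DDP method
// that returns message content should perform. All data below is constructed.

// Constructed stand-in for the server database: rooms with their member sets
// and messages keyed by ID. 'room-private' has a single member, alice.
const rooms = new Map([
  ['room-public', { type: 'c', members: new Set(['alice', 'bob']) }],
  ['room-private', { type: 'p', members: new Set(['alice']) }],
]);
const messages = new Map([
  ['msg-1', { _id: 'msg-1', rid: 'room-public', msg: 'hello everyone' }],
  ['msg-2', { _id: 'msg-2', rid: 'room-private', msg: 'private note' }],
]);

// Hypothetical error type mirroring the shape a method error usually has.
class MethodError extends Error {
  constructor(code) {
    super(code);
    this.error = code;
  }
}

// Vulnerable shape: the client-supplied object is trusted as the message to
// operate on and the caller's identity is never consulted. Any client that can
// call the method obtains the text of any message whose ID it names.
function translateMessageUnchecked(clientMessage) {
  const stored = messages.get(clientMessage && clientMessage._id);
  return stored ? stored.msg : null;
}

// Hardened shape: (1) require a logged-in caller, (2) use only the ID from the
// client object and load the real message server-side, (3) derive the room from
// the stored message, never from client input, (4) require room membership.
function translateMessageChecked(context, clientMessage) {
  if (!context || !context.userId) {
    throw new MethodError('error-invalid-user');
  }
  const stored = messages.get(clientMessage && clientMessage._id);
  if (!stored) {
    throw new MethodError('error-invalid-message');
  }
  const room = rooms.get(stored.rid);
  if (!room || !room.members.has(context.userId)) {
    // Same error whether the room is missing or the caller is not a member,
    // so a non-member learns nothing about which rooms or messages exist.
    throw new MethodError('error-not-allowed');
  }
  return stored.msg;
}

// Convenience wrapper returning a plain result object instead of throwing,
// handy for logging denied attempts from a server-side audit hook.
function callChecked(userId, messageId) {
  try {
    return { ok: true, text: translateMessageChecked({ userId }, { _id: messageId }) };
  } catch (e) {
    return { ok: false, error: e.error || String(e) };
  }
}

module.exports = { translateMessageUnchecked, translateMessageChecked, callChecked };
```

Run with `node` and call `callChecked('bob', 'msg-2')` to see the membership check deny a non-member; the unchecked variant returns the private text to anyone. The important design choice is step (3): even if a client sends an `IMessage` object with a forged `rid`, the room used for authorization comes from the stored record.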
| CWE | CWE-284 |
| Vendor | rocket.chat |
| Product | rocket.chat |
| Published | May 28, 2026 |
| Last Updated | May 28, 2026 |
CVSS v3 Breakdown
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Versions
Rocket.Chat / Rocket.Chat
| From (inclusive) | Up to (exclusive) |
| 8.5.0 | 8.5.0 |
| 8.4.0 | 8.4.2 |
| 8.3.0 | 8.3.4 |
| 8.2.0 | 8.2.4 |
| 8.1.0 | 8.1.5 |
| 8.0.0 | 8.0.6 |
| 7.13.0 | 7.13.8 |
| 7.10.0 | 7.10.12 |