CVE-2026-4982

Name of the Vulnerable Software and Affected Versions Venueless (affected versions not specified)

Description A user possessing the "update world" permission within any Venueless world can potentially extract chat messages from direct messages or channels in other worlds on the same server. This is attributed to a flaw in the reporting functionality. The ability to successfully exploit this issue is limited as it requires knowledge of the internal channel UUID of the target chat channel, which is not easily accessible to external attackers, particularly for direct messages.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.