PT-2026-44173 · Rocket.Chat+1 · Rocket.Chat
CVE-2026-32995
·
Published
2026-05-28
·
Updated
2026-05-28
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Rocket.Chat versions prior to 8.5.0
Rocket.Chat versions prior to 8.4.2
Rocket.Chat versions prior to 8.3.4
Rocket.Chat versions prior to 8.2.4
Rocket.Chat versions prior to 8.1.5
Rocket.Chat versions prior to 8.0.5
Rocket.Chat versions prior to 7.13.8
Rocket.Chat versions prior to 7.10.12
Description
The DDP method
autoTranslate.translateMessage() accepts a client-supplied IMessage object and processes it without verifying the Meteor.userId() or confirming the user's membership in the room. This allows any authenticated DDP user to read the content of any message by its ID from any room, including private channels, direct messages (DMs), and end-to-end encrypted (E2EE) rooms.Recommendations
Update to version 8.5.0 or later.
Update to version 8.4.2 or later.
Update to version 8.3.4 or later.
Update to version 8.2.4 or later.
Update to version 8.1.5 or later.
Update to version 8.0.5 or later.
Update to version 7.13.8 or later.
Update to version 7.10.12 or later.
As a temporary mitigation, restrict access to the
autoTranslate.translateMessage() method.Exploit
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Rocket.Chat