The Rocket.Chat DDP method autoTranslate.translateMessage in versions <8.5.0, <8.4.2, <8.3.4, <8.2.4, <8.1.5, <8.0.5, <7.13.8, and <7.10.12 accepts a client-supplied IMessage object and passes it directly to translateMessage() without checking Meteor.userId() or verifying room membership. Any authenticated DDP user can read the content of any message by ID from any room (private channels, DMs, E2EE rooms) by calling this method.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Rocket.chat |
|
No data.
No data.
OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.
| Vendors | Products |
|---|---|
| Rocket.chat |
|
References
History
Thu, 28 May 2026 05:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Authentication‑Based Information Disclosure via autoTranslate.translateMessage in Rocket.Chat | |
| First Time appeared |
Rocket.chat
Rocket.chat rocket.chat |
|
| Vendors & Products |
Rocket.chat
Rocket.chat rocket.chat |
Thu, 28 May 2026 04:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The Rocket.Chat DDP method autoTranslate.translateMessage in versions <8.5.0, <8.4.2, <8.3.4, <8.2.4, <8.1.5, <8.0.5, <7.13.8, and <7.10.12 accepts a client-supplied IMessage object and passes it directly to translateMessage() without checking Meteor.userId() or verifying room membership. Any authenticated DDP user can read the content of any message by ID from any room (private channels, DMs, E2EE rooms) by calling this method. | |
| Weaknesses | CWE-284 | |
| References |
| |
| Metrics |
cvssV3_0
|
MITRE
Status: PUBLISHED
Assigner: hackerone
Published:
Updated: 2026-05-28T04:01:37.645Z
Reserved: 2026-03-17T15:00:07.746Z
Link: CVE-2026-32995
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-05-28T05:16:35.477
Modified: 2026-05-28T05:16:35.477
Link: CVE-2026-32995
Redhat
No data.
OpenCVE Enrichment
Updated: 2026-05-28T05:30:06Z