CVE-2026-32995 · EPSS p19.9%

Description

The Rocket.Chat DDP method autoTranslate.translateMessage in versions <8.5.0, <8.4.2, <8.3.4, <8.2.4, <8.1.5, <8.0.5, <7.13.8, and <7.10.12 accepts a client-supplied IMessage object and passes it directly to translateMessage() without checking Meteor.userId() or verifying room membership. Any authenticated DDP user can read the content of any message by ID from any room (private channels, DMs, E2EE rooms) by calling this method.

Scoring

CVSS: 7.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.28% probability of exploitation · percentile 19.9% · 2026-06-19T12:03:05Z
Last modified: 2026-06-01

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2026-28514
CVE: CVE-2026-30831
CVE: CVE-2026-29198
CVE: Apache RocketMQ Command Execution Vulnerability
CVE: CVE-2026-32924
CVE: CVE-2025-8164

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.