{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "extracted_events": [
              {
                "introduced": "8.4.0"
              },
              {
                "fixed": "8.4.2"
              },
              {
                "introduced": "8.3.0"
              },
              {
                "fixed": "8.3.4"
              },
              {
                "introduced": "8.2.0"
              },
              {
                "fixed": "8.2.4"
              },
              {
                "introduced": "8.1.0"
              },
              {
                "fixed": "8.1.5"
              },
              {
                "introduced": "8.0.0"
              },
              {
                "fixed": "8.0.6"
              },
              {
                "introduced": "7.13.0"
              },
              {
                "fixed": "7.13.8"
              },
              {
                "introduced": "7.10.0"
              },
              {
                "fixed": "7.10.12"
              },
              {
                "introduced": "8.5.0"
              },
              {
                "last_affected": "8.5.0"
              }
            ],
            "source": "AFFECTED_FIELD"
          },
          "events": [
            {
              "introduced": "bb8c7be629b7cbffc7387285c5cb98e5835ad85f"
            },
            {
              "fixed": "9c1c81ce89909c5b443da253a3775babfa3b9a19"
            },
            {
              "introduced": "00a1efa3fde455359510349d827acd91ba67905e"
            },
            {
              "fixed": "05728f08d89625042872554c7a8a1e7bc23e5b61"
            },
            {
              "introduced": "f2a05ceed2086266fa3e36cf575c1794f68f00ab"
            },
            {
              "fixed": "7214edf5fdca3a54c3fe168aa3bb3860cad491ca"
            },
            {
              "introduced": "2ca98764a077deb7efb710ff1d8f78c5c3e4c4a3"
            },
            {
              "fixed": "8819d70126d3cd6c0b7c5ece5ad6d76543150324"
            },
            {
              "introduced": "9e2e148b8d8c474b307c24d59f8592a172f017f5"
            },
            {
              "fixed": "cf00658355b062dda86a8db6aaea4b7c5cb61749"
            },
            {
              "introduced": "98c9d579501d877c263fe0a1db3cb69d0b52bf92"
            },
            {
              "fixed": "35c0d839014cefb1a43f5dd7f30139bfa08fa0a2"
            },
            {
              "introduced": "0aa2f45c40a30431c24aa1293bdee674e14aad2e"
            },
            {
              "fixed": "7cd60f9bcb1845a6fb793a9ce55be0bb3c8f36d2"
            },
            {
              "introduced": "d0230e1ed86163b5cf9da57fda09fa86ea0b5c9f"
            }
          ],
          "repo": "https://github.com/rocketchat/rocket.chat",
          "type": "GIT"
        }
      ],
      "versions": [
        "8.5.0"
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "hackerone",
    "cwe_ids": [
      "CWE-284"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32995.json"
  },
  "details": "The Rocket.Chat DDP method autoTranslate.translateMessage in versions \u003c8.5.0, \u003c8.4.2, \u003c8.3.4, \u003c8.2.4, \u003c8.1.5, \u003c8.0.5, \u003c7.13.8, and \u003c7.10.12 accepts a client-supplied IMessage object and passes it directly to translateMessage() without checking Meteor.userId() or verifying room membership. Any authenticated DDP user can read the content of any message by ID from any room (private channels, DMs, E2EE rooms) by calling this method.",
  "id": "CVE-2026-32995",
  "modified": "2026-07-08T05:39:15.745330602Z",
  "published": "2026-05-28T04:01:37.645Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/3734326"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32995.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32995"
    },
    {
      "type": "FIX",
      "url": "https://github.com/RocketChat/Rocket.Chat/pull/40528"
    }
  ],
  "schema_version": "1.7.5",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}