CVE-2026-29197

🗓️ 23 Apr 2026 23:19:40Reported by hackeroneType

cve🔗 web.nvd.nist.gov👁 17 Views🌐 WEB

Authenticated users with insufficient permissions can read apps logs due to typo in permission check.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2026-29197	23 Apr 202623:19	–	attackerkb
CNNVD	Rocket.Chat 访问控制错误漏洞	24 Apr 202600:00	–	cnnvd
Cvelist	CVE-2026-29197	23 Apr 202623:19	–	cvelist
EUVD	EUVD-2026-25349	24 Apr 202600:31	–	euvd
Hacker One	Rocket.Chat: RBAC bypass on App log endpoints via `permissionRequired` typo — any authenticated user reads admin-only Enterprise App logs	6 Mar 202617:32	–	hackerone
NVD	CVE-2026-29197	24 Apr 202600:16	–	nvd
Positive Technologies	PT-2026-34796	23 Apr 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-29197	5 Jun 202619:49	–	redhatcve
Vulnrichment	CVE-2026-29197	23 Apr 202623:19	–	vulnrichment

NVD

Vulners

Node

rocket.chat rocket.chatRange7.10.0–7.10.10

rocket.chat rocket.chatRange7.11.0–7.11.7

rocket.chat rocket.chatRange7.12.0–7.12.7

rocket.chat rocket.chatRange7.13.0–7.13.6

rocket.chat rocket.chatRange8.0.0–8.0.4

rocket.chat rocket.chatRange8.1.0–8.1.3

rocket.chat rocket.chatRange8.2.0–8.2.2

rocket.chat rocket.chatRange8.3.0–8.3.2

[
  {
    "defaultStatus": "unaffected",
    "vendor": "Rocket.Chat",
    "product": "Rocket.Chat",
    "versions": [
      {
        "version": "8.4.0",
        "status": "affected",
        "lessThan": "8.4.0",
        "versionType": "semver"
      },
      {
        "version": "8.3.2",
        "status": "affected",
        "lessThan": "8.3.2",
        "versionType": "semver"
      },
      {
        "version": "8.2.2",
        "status": "affected",
        "lessThan": "8.2.2",
        "versionType": "semver"
      },
      {
        "version": "8.1.3",
        "status": "affected",
        "lessThan": "8.1.3",
        "versionType": "semver"
      },
      {
        "version": "8.0.4",
        "status": "affected",
        "lessThan": "8.0.4",
        "versionType": "semver"
      },
      {
        "version": "7.13.6",
        "status": "affected",
        "lessThan": "7.13.6",
        "versionType": "semver"
      },
      {
        "version": "7.12.7",
        "status": "affected",
        "lessThan": "7.12.7",
        "versionType": "semver"
      },
      {
        "version": "7.11.7",
        "status": "affected",
        "lessThan": "7.11.7",
        "versionType": "semver"
      },
      {
        "version": "7.10.10",
        "status": "affected",
        "lessThan": "7.10.10",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
github	www.github.com/RocketChat/Rocket.Chat/pull/40125
hackerone	www.hackerone.com/reports/3589551

Parameter	Position	Path	Description	CWE
id	path	/api/apps/:id/logs	Typo in permission check allows authenticated users without proper permissions to read logs for a specific app via /api/apps/:id/logs.	CWE-284

17 Jun 2026 10:29Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.14.3

EPSS0.00182

SSVC

CWE-284