CVE-2026-29197

🗓️ 23 Apr 2026 23:19:40Reported by hackeroneType

CVE-2026-29197 allows unauthorized read via apps logs endpoints due to a permission typo.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2026-29197	23 Apr 202623:19	–	attackerkb
CNNVD	Rocket.Chat 访问控制错误漏洞	24 Apr 202600:00	–	cnnvd
CVE	CVE-2026-29197	23 Apr 202623:19	–	cve
EUVD	EUVD-2026-25349	24 Apr 202600:31	–	euvd
Hacker One	Rocket.Chat: RBAC bypass on App log endpoints via `permissionRequired` typo — any authenticated user reads admin-only Enterprise App logs	6 Mar 202617:32	–	hackerone
NVD	CVE-2026-29197	24 Apr 202600:16	–	nvd
Positive Technologies	PT-2026-34796	23 Apr 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-29197	5 Jun 202619:49	–	redhatcve
Vulnrichment	CVE-2026-29197	23 Apr 202623:19	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "vendor": "Rocket.Chat",
    "product": "Rocket.Chat",
    "versions": [
      {
        "version": "8.4.0",
        "status": "affected",
        "lessThan": "8.4.0",
        "versionType": "semver"
      },
      {
        "version": "8.3.2",
        "status": "affected",
        "lessThan": "8.3.2",
        "versionType": "semver"
      },
      {
        "version": "8.2.2",
        "status": "affected",
        "lessThan": "8.2.2",
        "versionType": "semver"
      },
      {
        "version": "8.1.3",
        "status": "affected",
        "lessThan": "8.1.3",
        "versionType": "semver"
      },
      {
        "version": "8.0.4",
        "status": "affected",
        "lessThan": "8.0.4",
        "versionType": "semver"
      },
      {
        "version": "7.13.6",
        "status": "affected",
        "lessThan": "7.13.6",
        "versionType": "semver"
      },
      {
        "version": "7.12.7",
        "status": "affected",
        "lessThan": "7.12.7",
        "versionType": "semver"
      },
      {
        "version": "7.11.7",
        "status": "affected",
        "lessThan": "7.11.7",
        "versionType": "semver"
      },
      {
        "version": "7.10.10",
        "status": "affected",
        "lessThan": "7.10.10",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
github	www.github.com/RocketChat/Rocket.Chat/pull/40125
hackerone	www.hackerone.com/reports/3589551

23 Apr 2026 23:19Current

EPSS0.00182

CWE-284