2 matches found
CVE-2026-45687 Rocket.Chat: Authenticated Arbitrary Data Export Theft via Mass Assignment in sendFileMessage
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's sendFileMessage DDP method passes the entire attacker-supplied file object into Uploads.updateFileComplete, which merges it...
CVE-2026-45687
CVE-2026-45687 affects Rocket.Chat prior to fixed versions (8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, 7.10.11). The issue lies in the sendFileMessage DDP path, where the attacker-provided file object is passed to Uploads.updateFileComplete and merged into a MongoDB $set via Object.assign ...