Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2026-29198
Analyzed
More InfoOfficial Page
Source-support@hackerone.com
View Known Exploited Vulnerability (KEV) details
Published At-23 Apr, 2026 | 00:16
Updated At-13 May, 2026 | 20:39

In Rocket.Chat <8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11.6, and <7.10.9, a NoSQL injection vulnerability can lead to account takeover of the first user with a generated token when an OAuth app is configured.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
rocket.chat
rocket.chat
>>rocket.chat>>Versions before 7.10.9(exclusive)
cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:*
rocket.chat
rocket.chat
>>rocket.chat>>Versions from 7.11.0(inclusive) to 7.11.6(exclusive)
cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:*
rocket.chat
rocket.chat
>>rocket.chat>>Versions from 7.12.0(inclusive) to 7.12.6(exclusive)
cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:*
rocket.chat
rocket.chat
>>rocket.chat>>Versions from 7.13.0(inclusive) to 7.13.5(exclusive)
cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:*
rocket.chat
rocket.chat
>>rocket.chat>>Versions from 8.0.0(inclusive) to 8.0.3(exclusive)
cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:*
rocket.chat
rocket.chat
>>rocket.chat>>Versions from 8.1.0(inclusive) to 8.1.2(exclusive)
cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:*
rocket.chat
rocket.chat
>>rocket.chat>>Versions from 8.2.0(inclusive) to 8.2.1(exclusive)
cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:*
rocket.chat
rocket.chat
>>rocket.chat>>8.3.0
cpe:2.3:a:rocket.chat:rocket.chat:8.3.0:rc0:*:*:*:*:*:*
rocket.chat
rocket.chat
>>rocket.chat>>8.3.0
cpe:2.3:a:rocket.chat:rocket.chat:8.3.0:rc1:*:*:*:*:*:*
rocket.chat
rocket.chat
>>rocket.chat>>8.3.0
cpe:2.3:a:rocket.chat:rocket.chat:8.3.0:rc2:*:*:*:*:*:*
rocket.chat
rocket.chat
>>rocket.chat>>8.3.0
cpe:2.3:a:rocket.chat:rocket.chat:8.3.0:rc3:*:*:*:*:*:*
rocket.chat
rocket.chat
>>rocket.chat>>8.3.0
cpe:2.3:a:rocket.chat:rocket.chat:8.3.0:rc4:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-89Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-89
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/RocketChat/Rocket.Chat/pull/39492support@hackerone.com
Issue Tracking
Patch
https://hackerone.com/reports/3564655support@hackerone.com
Third Party Advisory
Hyperlink: https://github.com/RocketChat/Rocket.Chat/pull/39492
Source: support@hackerone.com
Resource:
Issue Tracking
Patch
Hyperlink: https://hackerone.com/reports/3564655
Source: support@hackerone.com
Resource:
Third Party Advisory
Change History
0Changes found
Details not found