CVE-2026-48616
NONE EPSS 22.1%
Published Jun 17, 20261w ago · Modified Jun 18, 20261w ago
Published Jun 17, 2026 1w ago
Last Modified Jun 18, 2026 1w ago
Description
Rocket.Chat versions <8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, 7.13.9, 7.10.13 has an access control vulnerability in Livechat files. Protected file downloads at /file-upload/:fileId/:name authorize livechat access using rc_room_type=l with rc_rid+rc_token, but the authorization path does not verify that rc_rid matches the requested file's rid. Furthermore, :fileId is predictable via sequential MongoDB IDs, and :name can be anything, allowing unauthenticated discovery of all uploaded files.
Threat Intelligence
EPSS Exploit Probability
22.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-284
Affected Products 8
| Vendor | Product | Version | Range |
|---|---|---|---|
| rocket.chat | rocket.chat | * | <7.10.13 |
| rocket.chat | rocket.chat | * | ≥7.13.0 – <7.13.9 |
| rocket.chat | rocket.chat | * | ≥8.0.0 – <8.0.7 |
| rocket.chat | rocket.chat | * | ≥8.1.0 – <8.1.6 |
| rocket.chat | rocket.chat | * | ≥8.2.0 – <8.2.6 |
| rocket.chat | rocket.chat | * | ≥8.3.0 – <8.3.6 |
| rocket.chat | rocket.chat | * | ≥8.4.0 – <8.4.4 |
| rocket.chat | rocket.chat | * | ≥8.5.0 – <8.5.1 |
References 2
- github.com https://github.com/RocketChat/Rocket.Chat/pull/40889
- hackerone.com https://hackerone.com/reports/3687142
Remediation
- github.com https://github.com/RocketChat/Rocket.Chat/pull/40889