Platform
nodejs
Component
rocket.chat
Fixed versions
7.10.9
7.11.6
7.12.6
7.13.5
8.0.3
8.1.2
8.2.1
CVE-2026-30831 describes an authentication bypass vulnerability discovered in Rocket.Chat, a popular open-source communication platform. The flaw lets an attacker circumvent Two-Factor Authentication (2FA) and log in as a deactivated user through the Enterprise Edition ddp-streamer service, compromising account security and data integrity. It affects Rocket.Chat 7.10.x up to and including 7.10.8, 7.11.x up to 7.11.5, 7.12.x up to 7.12.5, 7.13.x up to 7.13.4, 8.0.x up to 8.0.2, 8.1.x up to 8.1.1, and 8.2.0, together with all earlier releases. The fixed releases are 7.10.9, 7.11.6, 7.12.6, 7.13.5, 8.0.3, 8.1.2 and 8.2.1, as listed above.
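Because the fix is backported to seven release branches, "am I affected?" is a per-branch comparison rather than a single threshold. The following Node.js script is an added example, not Rocket.Chat project code: it encodes the fixed-versions table above and decides whether a given version string still needs the patch. It assumes (the advisory does not say) that release branches older than 7.10 are affected and that branches newer than 8.2 already carry the fix; it also assumes the server reports its version in the JSON body of GET <server>/api/info, either as a top-level version field or inside an info object.

```javascript
// Added example (not Rocket.Chat project code): per-branch affected-version
// check for CVE-2026-30831 based on the advisory's fixed releases.
const FIXED_VERSIONS = ["7.10.9", "7.11.6", "7.12.6", "7.13.5", "8.0.3", "8.1.2", "8.2.1"];

// "v7.12.4", "7.12.4-rc.1" and "7.12.4" all parse to [7, 12, 4].
function parseVersion(text) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(text).trim());
  if (!m) throw new Error(`unrecognised version string: ${text}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

function isAffected(versionText) {
  const v = parseVersion(versionText);
  const fixed = FIXED_VERSIONS.map(parseVersion).sort(compareVersions);
  // Same major.minor branch as a listed fix: anything below the fix is affected.
  const branchFix = fixed.find((f) => f[0] === v[0] && f[1] === v[1]);
  if (branchFix) return compareVersions(v, branchFix) < 0;
  // Older unlisted branch (e.g. 7.9.x): affected, per "all earlier releases".
  if (compareVersions(v, fixed[0]) < 0) return true;
  // Newer branch than 8.2 (e.g. 8.3.0): ASSUMED to contain the fix.
  if (compareVersions(v, fixed[fixed.length - 1]) > 0) return false;
  // An unlisted branch in between the listed ones: treat as affected until the vendor says otherwise.
  return true;
}

// Extract the version from a /api/info response. Newer servers return
// {"version": "...", "success": true} to unauthenticated callers; older ones
// nest it as {"info": {"version": "..."}}. Both shapes are handled.
function versionFromInfo(infoJson) {
  const doc = typeof infoJson === "string" ? JSON.parse(infoJson) : infoJson;
  const version = doc && (doc.version || (doc.info && doc.info.version));
  if (typeof version !== "string") throw new Error("no version field in /api/info response");
  return version;
}

async function checkServer(serverUrl) {
  const res = await fetch(serverUrl.replace(/\/$/, "") + "/api/info");
  if (!res.ok) throw new Error(`GET /api/info failed: HTTP ${res.status}`);
  const version = versionFromInfo(await res.json());
  return { version, affected: isAffected(version) };
}

// Usage: RC_URL=https://chat.example.com node check-version.js  (exit code 1 = affected)
if (process.env.RC_URL) {
  checkServer(process.env.RC_URL)
    .then((r) => {
      console.log(`${process.env.RC_URL}: ${r.version} -> ${r.affected ? "AFFECTED" : "fixed"}`);
      process.exitCode = r.affected ? 1 : 0;
    })
    .catch((err) => { console.error(err.message); process.exitCode = 2; });
}
```

Run it against each Rocket.Chat instance you operate; the exit code makes it easy to wire into a fleet-wide check. The "newer than 8.2 is fixed" rule is the one assumption worth re-checking against the vendor advisory when a new release branch appears.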
The primary impact of CVE-2026-30831 is unauthorized access to Rocket.Chat accounts. An attacker who exploits it bypasses the standard Meteor login flow, sidestepping 2FA and logging in as a legitimate user even if that account has been deactivated. This can expose sensitive conversations, files and user information stored in the Rocket.Chat instance, and the compromised account may be usable to escalate privileges or reach other systems in the organization, depending on its permissions and the network configuration. The vulnerability shows that authentication checks must be enforced consistently on every login path, including secondary services such as the EE DDP Streamer, not only on the primary login endpoint.
CVE-2026-30831 was publicly disclosed on March 6, 2026. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept (PoC) code is not yet widely available, but the vulnerability's nature suggests it could be easily exploited. Monitor security advisories and threat intelligence feeds for any indications of active exploitation.
Organizations heavily reliant on Rocket.Chat for internal communications, particularly those with strict security requirements or handling sensitive data, are at significant risk. Environments utilizing custom integrations or extensions that interact with the DDP Streamer service are also at increased risk, as these may introduce additional attack vectors.
• nodejs / server: Monitor Rocket.Chat logs for unusual login attempts, particularly those from unexpected IP addresses or involving deactivated user accounts. If Rocket.Chat runs under systemd, filter its output with journalctl -u <unit-name> (the unit name depends on how it was installed); in Docker or Kubernetes deployments use docker logs or kubectl logs on the rocketchat and ddp-streamer containers.
• generic web: A request such as curl -I <rocket.chat_url>/api/v1/login only confirms that the REST login endpoint is reachable; it does not reveal whether this bypass is present, because the vulnerable path is the DDP (websocket) login handled by the ddp-streamer service rather than the REST API. Instead, examine reverse-proxy access logs for websocket upgrades on the /websocket and /sockjs/ paths from unexpected clients, and correlate them with login activity on deactivated accounts.
• database (mongodb): Use mongosh to query the users collection of the Rocket.Chat database for deactivated accounts (active: false) whose lastLogin field is recent; a deactivated account should never acquire a new login timestamp. Cross-check any hits against the authentication logs.
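The database check above is the one signal that does not depend on log retention: a deactivated account with a fresh lastLogin is inconsistent by definition. The Node.js script below is an added example, not Rocket.Chat project code. It scans an export of the users collection for deactivated accounts whose lastLogin falls inside a recent window. It assumes the standard active (boolean) and lastLogin (Date) fields, and accepts lastLogin as a Date, an ISO string, or either of mongoexport's extended-JSON forms ({"$date": "..."} and {"$date": {"$numberLong": "..."}}), since exported data rarely arrives as plain Date objects. The sample documents are constructed for the example.

```javascript
// Added example (not Rocket.Chat project code): find deactivated Rocket.Chat
// accounts that still show a recent lastLogin.

// Constructed sample of the `users` collection in the shapes an export can take.
const SAMPLE_USERS = [
  { username: "alice", active: true,  lastLogin: "2026-03-09T10:00:00.000Z" },
  { username: "bob",   active: false, lastLogin: { $date: "2026-03-08T12:00:00.000Z" } },
  { username: "carol", active: false, lastLogin: { $date: { $numberLong: "1770000000000" } } }, // 2026-02-02
  { username: "dave",  active: false, lastLogin: "2026-02-20T08:00:00.000Z" },
  { username: "erin",  active: false },                                                    // never logged in
];

// Normalise the ways a Mongo date reaches us: Date, epoch millis, ISO string,
// relaxed extended JSON {"$date": "ISO"}, canonical {"$date": {"$numberLong": "ms"}}.
function toDate(value) {
  if (value == null) return null;
  if (value instanceof Date) return value;
  if (typeof value === "number") return new Date(value);
  if (typeof value === "string") {
    const d = new Date(value);
    return Number.isNaN(d.getTime()) ? null : d;
  }
  if (typeof value === "object") {
    if ("$date" in value) return toDate(value.$date);
    if ("$numberLong" in value) return new Date(Number(value.$numberLong));
  }
  return null;
}

// Deactivated accounts whose lastLogin is within the last `windowDays`,
// most recent first. Accounts with no parseable lastLogin are skipped.
function findDeactivatedRecentLogins(users, now = new Date(), windowDays = 30) {
  const since = new Date(now.getTime() - windowDays * 86400000);
  return users
    .filter((u) => u.active === false)
    .map((u) => ({ username: u.username, lastLogin: toDate(u.lastLogin) }))
    .filter((u) => u.lastLogin !== null && u.lastLogin >= since)
    .sort((a, b) => b.lastLogin - a.lastLogin);
}

// The same check run live in mongosh (database is whatever MONGO_URL points at):
//   db.users.find(
//     { active: false, lastLogin: { $gte: new Date(Date.now() - 30 * 86400000) } },
//     { username: 1, lastLogin: 1 }
//   ).sort({ lastLogin: -1 })

// Usage: mongoexport --uri="$MONGO_URL" --collection=users \
//          --fields=username,active,lastLogin --jsonArray --out=users.json
//        USERS_JSON=users.json node deactivated-logins.js
if (process.env.USERS_JSON) {
  const fs = require("node:fs");
  const docs = JSON.parse(fs.readFileSync(process.env.USERS_JSON, "utf8"));
  for (const hit of findDeactivatedRecentLogins(docs)) {
    console.log(`${hit.username}\t${hit.lastLogin.toISOString()}`);
  }
}
```

A hit is not proof of exploitation on its own: an admin may have deactivated the account after its last legitimate login. Compare each hit's lastLogin with the time the account was deactivated (from your admin audit trail) before treating it as an incident.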
Disclosure
Exploitation status
EPSS: 0.09% (25th percentile)
The primary mitigation for CVE-2026-30831 is to upgrade Rocket.Chat to a patched release: 7.10.9, 7.11.6, 7.12.6, 7.13.5, 8.0.3, 8.1.2 or 8.2.1, or any later release on the same branch. If an immediate upgrade is not possible, restrict network access to the DDP Streamer service so that only trusted clients can reach it, and, if you maintain your own build, add stricter validation to the Account.login endpoint; treat both as stop-gaps rather than a fix. Review Rocket.Chat's access control lists (ACLs) to ensure that deactivated user accounts retain minimal privileges. After upgrading, confirm the fix by attempting to log in with a deactivated user account over the same DDP path and verifying that the login attempt is rejected.
Update Rocket.Chat to version 7.10.9, 7.11.6, 7.12.6, 7.13.5, 8.0.3, 8.1.2 or 8.2.1, or to a later version that contains the fix for this vulnerability. This resolves the two-factor authentication bypass and the login of deactivated users through the EE ddp-streamer service.
CVE-2026-30831 is a vulnerability in Rocket.Chat versions ≤ 8.2.0 that allows attackers to bypass Two-Factor Authentication and potentially log in as deactivated users, compromising account security.
You are affected if you are running Rocket.Chat 8.2.0 or earlier on any branch without the corresponding fix: 7.10.x before 7.10.9, 7.11.x before 7.11.6, 7.12.x before 7.12.6, 7.13.x before 7.13.5, 8.0.x before 8.0.3, 8.1.x before 8.1.2, or 8.2.0. Upgrade to a patched version to mitigate the risk.
Upgrade Rocket.Chat to the fixed release for your branch (7.10.9, 7.11.6, 7.12.6, 7.13.5, 8.0.3, 8.1.2 or 8.2.1) or later. If immediate upgrade is not possible, consider restricting access to the DDP Streamer service.
While no active exploitation has been confirmed, the vulnerability's nature suggests it could be easily exploited. Monitor security advisories and threat intelligence feeds.
Refer to the official Rocket.Chat security advisory for CVE-2026-30831 on the Rocket.Chat website or their security announcement channels.