
CVE-2026-30833 · Rocket.Chat: NoSQL injection in the EE ddp-streamer-service

EPSS 0.03% · P10

I. Basic Information for CVE-2026-30833

Vulnerability Information


Vulnerability Title
Rocket.Chat: NoSQL injection in the EE ddp-streamer-service
Source: NVD (National Vulnerability Database)
Vulnerability Description
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0, a NoSQL injection vulnerability exists in Rocket.Chat's account service used in the ddp-streamer microservice that allows unauthenticated attackers to manipulate MongoDB queries during authentication. The vulnerability is located in the username-based login flow, where user-supplied input is directly embedded into a MongoDB query selector without validation. An attacker can inject MongoDB operator expressions (e.g., { $regex: '.*' }) in place of a username string, causing the database query to match unintended user records. This issue has been patched in versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0.
Source: NVD (National Vulnerability Database)
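The description above names the root cause: a login field taken from the request is embedded into a MongoDB selector as-is, so an object carrying a query operator is evaluated as an operator instead of being compared as a string. The block below is an added illustration, not Rocket.Chat's code or the patched implementation; it models the selector behaviour in memory (only equality and `$regex` are modelled), uses a constructed two-user collection, and shows the type check a defender would place at the boundary so that a non-string value never reaches the query.

```javascript
// Added illustration (not Rocket.Chat's code): a selector built from an
// untrusted "username" field, evaluated against a constructed user list, and
// the input type check that stops operator objects from becoming part of the
// query. The collection and names below are constructed for this example.

const USERS = [
  { _id: 'u1', username: 'alice' },
  { _id: 'u2', username: 'bob' },
];

// Minimal in-memory model of the two selector shapes used here: a plain
// string condition means equality, an object with $regex means pattern match.
function matches(doc, selector) {
  return Object.entries(selector).every(([field, cond]) => {
    const value = doc[field];
    if (cond !== null && typeof cond === 'object') {
      if ('$regex' in cond) return new RegExp(cond.$regex).test(String(value));
      return false; // other operators are not modelled in this illustration
    }
    return value === cond;
  });
}

function find(selector) {
  return USERS.filter((doc) => matches(doc, selector));
}

// Vulnerable pattern: whatever arrived in the request body becomes the
// selector value. A string matches one account; an operator object is
// interpreted by the query engine and can match every account.
function findUserUnsafe(loginField) {
  return find({ username: loginField });
}

// Hardened pattern: enforce the expected type before building the selector.
// Only a non-empty string is accepted, so the query can never carry operators.
function findUserSafe(loginField) {
  if (typeof loginField !== 'string' || loginField.length === 0) {
    throw new TypeError('username must be a non-empty string');
  }
  return find({ username: loginField });
}

// Stand-alone demonstration: a normal login value, the operator object from
// the advisory text against the unsafe path, and the same object against the
// hardened path.
function demo() {
  const normal = findUserUnsafe('alice').map((u) => u._id);
  const injected = findUserUnsafe({ $regex: '.*' }).map((u) => u._id);
  let rejected = false;
  try {
    findUserSafe({ $regex: '.*' });
  } catch (e) {
    rejected = e instanceof TypeError;
  }
  return { normal, injected, rejected };
}

console.log(JSON.stringify(demo()));
```

The check belongs at the transport boundary (the DDP method or REST handler that deserialises the login request), before any query is composed; validating the shape of every field there, rather than inside individual query helpers, is what keeps the same class of bug from reappearing in another lookup.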
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
Improper neutralization of special elements in data query logic
Source: NVD (National Vulnerability Database)
Vulnerability Title
Rocket.Chat security vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Rocket.Chat is a chat application from the Rocket.Chat company. Rocket.Chat versions before 7.10.8, before 7.11.5, before 7.12.5, before 7.13.4, before 8.0.2, before 8.1.1, and before 8.2.0 contain a security vulnerability. The flaw stems from user input in the account service being embedded directly into a MongoDB query selector without validation, which may allow a NoSQL (non-relational database) injection attack.
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor: RocketChat
Product: Rocket.Chat
Affected Versions: < 7.10.8
CPE: -

II. Public POCs for CVE-2026-30833

No public POC found.

III. Intelligence Information for CVE-2026-30833


Same Patch Batch · RocketChat · 2026-03-06 · 3 CVEs total

CVE-2026-30831 · Rocket.Chat: 2FA bypass and login of deactivated users via EE ddp-streamer
CVE-2026-28514 · Rocket.Chat: Users can login with any password via the EE ddp-streamer-service

IV. Related Vulnerabilities

V. Comments for CVE-2026-30833

No comments yet
