EUVD-2026-21500
URL Redirection to Untrusted Site (Open Redirect) (CWE-601)
2026-04-10
hackerone
5.3
CVSS 3.1
Share
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low
Lifecycle Timeline
5
Patch available
Apr 16, 2026 - 05:29 EUVD
8.4.0
Analysis Generated
Apr 14, 2026 - 19:44 vuln.today
CVSS changed
Apr 14, 2026 - 19:22 NVD
5.3 (MEDIUM)
EUVD ID Assigned
Apr 10, 2026 - 17:15 euvd
EUVD-2026-21500
CVE Published
Apr 10, 2026 - 17:00 nvd
N/A
DescriptionNVD
An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be redirected to arbitrary URLs by manipulating parameters within a SAML endpoint.
AnalysisAI
Open redirect vulnerability in Rocket.Chat SAML endpoint allows unauthenticated remote attackers to redirect users to arbitrary URLs by manipulating endpoint parameters, potentially enabling phishing attacks or credential theft. Affected versions prior to 8.4.0; patch available. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Share
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).