Skip to main content

Rocket.Chat CVE-2026-23477

HIGH
Improper Privilege Management (CWE-269)
2026-01-14 security-advisories@github.com
Privilege Escalation Rocket.Chat
7.7
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.7 HIGH
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
PoC Detected
Jan 26, 2026 - 18:03 vuln.today
Public exploit code
CVE Published
Jan 14, 2026 - 19:16 nvd
HIGH 7.7

DescriptionGitHub Advisory

Rocket.Chat is an open-source, secure, fully customizable communications platform. In Rocket.Chat versions up to 6.12.0, the API endpoint GET /api/v1/oauth-apps.get is exposed to any authenticated user, regardless of their role or permissions. This endpoint returns an OAuth application, as long as the user knows its ID, including potentially sensitive fields such as client_id and client_secret. This vulnerability is fixed in 6.12.0.

AnalysisAI

Rocket.Chat versions prior to 6.12.0 expose the OAuth applications API endpoint to any authenticated user, allowing disclosure of sensitive credentials including client IDs and secrets regardless of user role or permissions. An attacker with valid credentials can enumerate OAuth applications and extract their secrets by knowing application IDs, potentially compromising integrated third-party applications. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate as low-privilege user
Exploit
Call GET /api/v1/oauth-apps.get with known app ID
Execution
Retrieve OAuth client_id and client_secret
Impact
Use credentials for unauthorized access
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Rocket.Chat versions up to 6.12.0 with any authenticated user account; attacker requires knowledge of target OAuth application ID; no admin or special role permissions needed. Additional conditions and limiting factors are described in the full assessment.
Risk Assessment CVSS 7.7 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker (requires authentication) could exploit this vulnerability to compromise the affected system.
Remediation Fixed in version 6.12.0.. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 7 days: Identify all affected systems running Rocket.Chat and apply vendor patches promptly. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-23477 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy