Skip to main content

Rocket Chat

53 CVEs product

Monthly

CVE-2026-55762 HIGH PATCH This Week

{"setDeploymentAs": "new-workspace"}. The endpoint correctly requires authentication but performs no role/permission check (CWE-862), so the action wipes cloud credentials, removes the workspace license, and breaks push notifications for all users until manual re-registration. No public exploit identified at time of analysis; the issue is a denial-of-service / integrity flaw rather than data theft (CVSS C:N, I:H, A:H = 8.1).

Authentication Bypass Rocket Chat
NVD GitHub
CVSS 3.1
8.1
EPSS
0.3%
CVE-2026-55759 HIGH PATCH This Week

Authentication bypass in Rocket.Chat's Apple Sign-In handler allows attackers to impersonate any user by replaying a captured Apple identity token. The handler verifies the JWT signature but skips validation of the aud, exp, nbf, and nonce claims, so any Apple-signed token with a non-empty iss is accepted indefinitely with no replay-window expiry. Affected versions are those prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13; no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Authentication Bypass Apple Rocket Chat
NVD GitHub
CVSS 3.1
7.4
EPSS
0.2%
CVE-2026-55666 CRITICAL PATCH Act Now

Authentication bypass leading to account takeover in Rocket.Chat affects the Apple Sign-In OAuth flow prior to versions 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13. The handleIdentityToken function in the Apple login handler falls back to trusting an attacker-supplied email value when the Apple-issued JWT omits an email claim, so a remote unauthenticated attacker can forge an email-less Apple JWT and log in as any victim by their email address. No public exploit is identified at time of analysis, but the CVSS 4.0 base score of 9.3 (critical) and trivial exploitation conditions make this a high priority for any instance with Apple login enabled.

Authentication Bypass Apple Rocket Chat
NVD GitHub
CVSS 4.0
9.3
EPSS
0.3%
CVE-2026-48616 CRITICAL Act Now

Unauthenticated information disclosure in Rocket.Chat allows remote attackers to enumerate and download arbitrary uploaded files via the Livechat file-download endpoint. The flaw at /file-upload/:fileId/:name validates rc_token against rc_rid but never checks that rc_rid matches the requested file's actual room ID, and sequential MongoDB ObjectIDs make :fileId predictable, enabling discovery of all uploads. No public exploit identified at time of analysis, but the HackerOne report (#3687142) and upstream fix PR are public.

Authentication Bypass Rocket Chat
NVD GitHub
CVSS 3.0
9.3
EPSS
0.3%
CVE-2026-48929 HIGH This Week

Unauthenticated file deletion in Rocket.Chat allows remote attackers to permanently delete arbitrary uploaded files from a target server via the deleteFileMessage Meteor method over a DDP WebSocket connection. The flaw stems from an authorization check that is silently skipped when Meteor.userId() returns null on unauthenticated DDP sessions, letting any internet-accessible attacker destroy attachments whose IDs are discoverable from public channel messages and download URLs. No public exploit identified at time of analysis, though a vendor patch and HackerOne disclosure (report 3611837) confirm the issue.

Authentication Bypass Rocket Chat
NVD GitHub
CVSS 3.0
7.5
EPSS
0.6%
CVE-2026-32995 HIGH PATCH This Week

Cross-room message disclosure in Rocket.Chat allows any authenticated DDP user to read arbitrary messages - including those in private channels, direct messages, and E2EE rooms - by invoking the autoTranslate.translateMessage Meteor method with a target message ID. The flaw stems from missing access control and identity checks in the server-side method handler, with an upstream fix merged in PR #40528. No public exploit identified at time of analysis, though the trivial DDP call pattern makes weaponization straightforward.

Authentication Bypass Rocket Chat
NVD GitHub VulDB
CVSS 3.0
7.5
EPSS
0.0%
CVE-2026-32994 MEDIUM PATCH This Month

Broken access control on the /api/v1/autotranslate.translateMessage endpoint in Rocket.Chat allows any authenticated user to retrieve the full content of messages from rooms they have no membership in - including private groups, direct messages, and channels - by supplying only a valid message ID. The vulnerability stems from the complete absence of a room-level authorization check (canAccessRoomIdAsync is never invoked) before the message fetch via Messages.findOneById(). No public exploit code or CISA KEV listing has been identified at time of analysis, but the high confidentiality impact (C:H in CVSS) means successful exploitation exposes sensitive private communications organization-wide.

Authentication Bypass Rocket Chat
NVD VulDB
CVSS 3.0
5.3
EPSS
0.0%
CVE-2026-29197 MEDIUM PATCH This Month

Authenticated users in Rocket.Chat versions prior to 8.4.0, 8.3.2, 8.2.2, 8.1.3, 8.0.4, 7.13.6, 7.12.7, 7.11.7, and 7.10.10 can read application engine logs via the /api/apps/logs and /api/apps/:id/logs endpoints due to a typo in permission validation logic. The vulnerability allows authenticated attackers with insufficient privileges to bypass authorization checks and access sensitive logs containing partial information, with no public exploit confirmed at time of analysis.

Authentication Bypass Rocket Chat
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-29198 CRITICAL Act Now

In Rocket.Chat <8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11.6, and <7.10.9, a NoSQL injection vulnerability can lead to account takeover of the first user with a generated token when an OAuth app is configured.

SQLi Rocket Chat
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-7974 HIGH This Month

rocket.chat Incorrect Authorization Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Rocket Chat
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-47048 MEDIUM PATCH This Month

Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier allows stored XSS in the description and release notes of the marketplace and private apps. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Rocket Chat
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-46935 npm HIGH PATCH This Week

Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to denial of service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Rocket Chat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-46934 MEDIUM PATCH This Month

Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to DOM-based Cross-site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Rocket Chat
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-45621 MEDIUM This Month

The Electron desktop application of Rocket.Chat through 6.3.4 allows stored XSS via links in an uploaded file, related to failure to use a separate browser upon encountering third-party external. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rocket Chat
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-39713 npm HIGH POC PATCH This Week

A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Rocket Chat
NVD
CVSS 3.1
8.6
EPSS
3.2%
CVE-2023-28359 MEDIUM This Month

A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket.Chat. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Rocket Chat
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-28358 MEDIUM This Month

A vulnerability has been discovered in Rocket.Chat where a markdown parsing issue in the "Search Messages" feature allows the insertion of malicious tags. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rocket Chat
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-28357 MEDIUM This Month

A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command /mute occur after checking whether a user is a member of a given channel, leaking private channel members. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rocket Chat
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-28356 HIGH This Week

A vulnerability has been identified where a maliciously crafted message containing a specific chain of characters can cause the chat to enter a hot loop on one of the processes, consuming ~120% CPU. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Rocket Chat
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-28325 MEDIUM This Month

An improper authorization vulnerability exists in Rocket.Chat <6.0 that could allow a hacker to manipulate the rid parameter and change the updateMessage method that only checks whether the user is. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rocket Chat
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-28318 MEDIUM This Month

A vulnerability has been discovered in Rocket.Chat, where messages can be hidden regardless of the Message_KeepHistory or Message_ShowDeletedStatus server configuration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rocket Chat
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-28317 MEDIUM This Month

A vulnerability has been discovered in Rocket.Chat, where editing messages can change the original timestamp, causing the UI to display messages in an incorrect order. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rocket Chat
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-28316 CRITICAL Act Now

A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat platform, where other active sessions are not invalidated upon activating 2FA. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation Rocket Chat
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-23911 HIGH This Week

An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a user changing the group key of a chat room. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rocket Chat
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-23917 HIGH This Week

A prototype pollution vulnerability exists in Rocket.Chat server <5.2.0 that could allow an attacker to a RCE under the admin account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection XSS Rocket Chat
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-44567 CRITICAL Act Now

A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.14 that could allow an attacker to pass a malicious url of openInternalVideoChatWindow to shell.openExternal(), which may lead to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection XSS Rocket Chat
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-35251 MEDIUM POC This Month

A cross-site scripting vulnerability exists in Rocket.chat <v5 due to style injection in the complete chat window, an adversary is able to manipulate not only the style of it, but will also be able. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rocket Chat
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-35250 MEDIUM POC This Month

A privilege escalation vulnerability exists in Rocket.chat <v5 which made it possible to elevate privileges for any authenticated user to view Direct messages without appropriate permissions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Rocket Chat
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-35249 MEDIUM POC This Month

A information disclosure vulnerability exists in Rocket.Chat <v5 where the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocket Chat
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-35248 HIGH POC This Week

A improper authentication vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 that allowed two factor authentication can be bypassed when telling the server to use CAS during login. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rocket Chat
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-35247 MEDIUM POC This Month

A information disclosure vulnerability exists in Rocket.chat <v5, <v4.8.2 and <v4.7.5 where the lack of ACL checks in the getRoomRoles Meteor method leak channel members with special roles to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocket Chat
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-35246 MEDIUM POC This Month

A NoSQL-Injection information disclosure vulnerability vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 in the getS3FileUrl Meteor server method that can disclose arbitrary file upload. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure File Upload Rocket Chat
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-32229 MEDIUM POC This Month

A information disclosure vulnerability exists in Rockert.Chat <v5 due to /api/v1/chat.getThreadsList lack of sanitization of user inputs and can therefore leak private thread messages to unauthorized. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocket Chat
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-32228 MEDIUM POC This Month

An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 since the getReadReceipts Meteor server method does not properly filter user inputs that are passed to MongoDB. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocket Chat
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-32227 MEDIUM POC This Month

A cleartext transmission of sensitive information exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 relating to Oauth tokens by having the permission "view-full-other-user-info", this could cause an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocket Chat
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-32226 MEDIUM POC This Month

An improper access control vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to input data in the getUsersOfRoom Meteor server method is not type validated, so that MongoDB query. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rocket Chat
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-32220 MEDIUM POC This Month

An information disclosure vulnerability exists in Rocket.Chat <v5 due to the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocket Chat
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-32219 MEDIUM POC This Month

An information disclosure vulnerability exists in Rocket.Chat <v4.7.5 which allowed the "users.list" REST endpoint gets a query parameter from JSON and runs Users.find(queryFromClientSide). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocket Chat
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-32218 MEDIUM POC This Month

An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to the actionLinkHandler method was found to allow Message ID Enumeration with Regex MongoDB queries. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocket Chat
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-32217 MEDIUM POC This Month

A cleartext storage of sensitive information exists in Rocket.Chat <v4.6.4 due to Oauth token being leaked in plaintext in Rocket.chat logs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocket Chat
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-32211 HIGH POC This Week

A SQL injection vulnerability exists in Rocket.Chat <v3.18.6, <v4.4.4 and <v4.7.3 which can allow an attacker to retrieve a reset password token through or a 2fa secret. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Rocket Chat
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-30124 MEDIUM POC This Month

An improper authentication vulnerability exists in Rocket.Chat Mobile App <4.14.1.22788 that allowed an attacker with physical access to a mobile device to bypass local authentication (PIN code). Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rocket Chat
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2021-32832 MEDIUM POC PATCH This Month

Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Rocket Chat
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-22910 CRITICAL POC Act Now

A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Rocket Chat
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-22911 CRITICAL POC THREAT Act Now

A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Rocket Chat
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
95.2%
CVE-2021-22892 HIGH POC This Week

An information disclosure vulnerability exists in the Rocket.Chat server fixed v3.13, v3.12.2 & v3.11.3 that allowed email addresses to be disclosed by enumeration and validation checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocket Chat
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2021-22886 MEDIUM PATCH This Month

Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persistent cross-site scripting (XSS) using nested markdown tags allowing a remote attacker to inject arbitrary JavaScript in a message. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Rocket Chat
NVD GitHub
CVSS 3.1
6.1
EPSS
1.7%
CVE-2020-29594 CRITICAL PATCH Act Now

Rocket.Chat before 0.74.4, 1.x before 1.3.4, 2.x before 2.4.13, 3.x before 3.7.3, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 mishandles SAML login. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Rocket Chat
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-15926 MEDIUM POC PATCH This Month

Rocket.Chat through 3.4.2 allows XSS where an attacker can send a specially crafted message to a channel or in a direct message to the client which results in remote code execution on the client side. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS RCE Rocket Chat
NVD GitHub
CVSS 3.1
6.1
EPSS
2.8%
CVE-2019-17220 MEDIUM POC PATCH This Month

Rocket.Chat before 2.1.0 allows XSS via a URL on a ![title] line. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Rocket Chat
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
4.0%
CVE-2018-13879 MEDIUM This Month

A reflected XSS issue was discovered in the registration form in Rocket.Chat before 0.66. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rocket Chat
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-13878 MEDIUM This Month

An XSS issue was discovered in packages/rocketchat-mentions/Mentions.js in Rocket.Chat before 0.65. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rocket Chat
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2017-1000054 MEDIUM This Month

Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rocket Chat
NVD
CVSS 3.0
6.1
EPSS
0.2%
EPSS 0% CVSS 8.1
HIGH PATCH This Week

{"setDeploymentAs": "new-workspace"}. The endpoint correctly requires authentication but performs no role/permission check (CWE-862), so the action wipes cloud credentials, removes the workspace license, and breaks push notifications for all users until manual re-registration. No public exploit identified at time of analysis; the issue is a denial-of-service / integrity flaw rather than data theft (CVSS C:N, I:H, A:H = 8.1).

Authentication Bypass Rocket Chat
NVD GitHub
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Authentication bypass in Rocket.Chat's Apple Sign-In handler allows attackers to impersonate any user by replaying a captured Apple identity token. The handler verifies the JWT signature but skips validation of the aud, exp, nbf, and nonce claims, so any Apple-signed token with a non-empty iss is accepted indefinitely with no replay-window expiry. Affected versions are those prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13; no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Authentication Bypass Apple Rocket Chat
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Authentication bypass leading to account takeover in Rocket.Chat affects the Apple Sign-In OAuth flow prior to versions 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13. The handleIdentityToken function in the Apple login handler falls back to trusting an attacker-supplied email value when the Apple-issued JWT omits an email claim, so a remote unauthenticated attacker can forge an email-less Apple JWT and log in as any victim by their email address. No public exploit is identified at time of analysis, but the CVSS 4.0 base score of 9.3 (critical) and trivial exploitation conditions make this a high priority for any instance with Apple login enabled.

Authentication Bypass Apple Rocket Chat
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL Act Now

Unauthenticated information disclosure in Rocket.Chat allows remote attackers to enumerate and download arbitrary uploaded files via the Livechat file-download endpoint. The flaw at /file-upload/:fileId/:name validates rc_token against rc_rid but never checks that rc_rid matches the requested file's actual room ID, and sequential MongoDB ObjectIDs make :fileId predictable, enabling discovery of all uploads. No public exploit identified at time of analysis, but the HackerOne report (#3687142) and upstream fix PR are public.

Authentication Bypass Rocket Chat
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Unauthenticated file deletion in Rocket.Chat allows remote attackers to permanently delete arbitrary uploaded files from a target server via the deleteFileMessage Meteor method over a DDP WebSocket connection. The flaw stems from an authorization check that is silently skipped when Meteor.userId() returns null on unauthenticated DDP sessions, letting any internet-accessible attacker destroy attachments whose IDs are discoverable from public channel messages and download URLs. No public exploit identified at time of analysis, though a vendor patch and HackerOne disclosure (report 3611837) confirm the issue.

Authentication Bypass Rocket Chat
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Cross-room message disclosure in Rocket.Chat allows any authenticated DDP user to read arbitrary messages - including those in private channels, direct messages, and E2EE rooms - by invoking the autoTranslate.translateMessage Meteor method with a target message ID. The flaw stems from missing access control and identity checks in the server-side method handler, with an upstream fix merged in PR #40528. No public exploit identified at time of analysis, though the trivial DDP call pattern makes weaponization straightforward.

Authentication Bypass Rocket Chat
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Broken access control on the /api/v1/autotranslate.translateMessage endpoint in Rocket.Chat allows any authenticated user to retrieve the full content of messages from rooms they have no membership in - including private groups, direct messages, and channels - by supplying only a valid message ID. The vulnerability stems from the complete absence of a room-level authorization check (canAccessRoomIdAsync is never invoked) before the message fetch via Messages.findOneById(). No public exploit code or CISA KEV listing has been identified at time of analysis, but the high confidentiality impact (C:H in CVSS) means successful exploitation exposes sensitive private communications organization-wide.

Authentication Bypass Rocket Chat
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Authenticated users in Rocket.Chat versions prior to 8.4.0, 8.3.2, 8.2.2, 8.1.3, 8.0.4, 7.13.6, 7.12.7, 7.11.7, and 7.10.10 can read application engine logs via the /api/apps/logs and /api/apps/:id/logs endpoints due to a typo in permission validation logic. The vulnerability allows authenticated attackers with insufficient privileges to bypass authorization checks and access sensitive logs containing partial information, with no public exploit confirmed at time of analysis.

Authentication Bypass Rocket Chat
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

In Rocket.Chat <8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11.6, and <7.10.9, a NoSQL injection vulnerability can lead to account takeover of the first user with a generated token when an OAuth app is configured.

SQLi Rocket Chat
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Month

rocket.chat Incorrect Authorization Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Rocket Chat
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier allows stored XSS in the description and release notes of the marketplace and private apps. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Rocket Chat
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to denial of service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Rocket Chat
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to DOM-based Cross-site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Rocket Chat
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

The Electron desktop application of Rocket.Chat through 6.3.4 allows stored XSS via links in an uploaded file, related to failure to use a separate browser upon encountering third-party external. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rocket Chat
NVD GitHub
EPSS 3% CVSS 8.6
HIGH POC PATCH This Week

A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Rocket Chat
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket.Chat. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Rocket Chat
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability has been discovered in Rocket.Chat where a markdown parsing issue in the "Search Messages" feature allows the insertion of malicious tags. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rocket Chat
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command /mute occur after checking whether a user is a member of a given channel, leaking private channel members. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rocket Chat
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability has been identified where a maliciously crafted message containing a specific chain of characters can cause the chat to enter a hot loop on one of the processes, consuming ~120% CPU. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Rocket Chat
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An improper authorization vulnerability exists in Rocket.Chat <6.0 that could allow a hacker to manipulate the rid parameter and change the updateMessage method that only checks whether the user is. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rocket Chat
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability has been discovered in Rocket.Chat, where messages can be hidden regardless of the Message_KeepHistory or Message_ShowDeletedStatus server configuration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rocket Chat
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability has been discovered in Rocket.Chat, where editing messages can change the original timestamp, causing the UI to display messages in an incorrect order. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rocket Chat
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat platform, where other active sessions are not invalidated upon activating 2FA. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation Rocket Chat
NVD
EPSS 0% CVSS 7.5
HIGH This Week

An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a user changing the group key of a chat room. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rocket Chat
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A prototype pollution vulnerability exists in Rocket.Chat server <5.2.0 that could allow an attacker to a RCE under the admin account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection XSS Rocket Chat
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.14 that could allow an attacker to pass a malicious url of openInternalVideoChatWindow to shell.openExternal(), which may lead to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection XSS +1
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A cross-site scripting vulnerability exists in Rocket.chat <v5 due to style injection in the complete chat window, an adversary is able to manipulate not only the style of it, but will also be able. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rocket Chat
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

A privilege escalation vulnerability exists in Rocket.chat <v5 which made it possible to elevate privileges for any authenticated user to view Direct messages without appropriate permissions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Rocket Chat
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

A information disclosure vulnerability exists in Rocket.Chat <v5 where the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocket Chat
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

A improper authentication vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 that allowed two factor authentication can be bypassed when telling the server to use CAS during login. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rocket Chat
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

A information disclosure vulnerability exists in Rocket.chat <v5, <v4.8.2 and <v4.7.5 where the lack of ACL checks in the getRoomRoles Meteor method leak channel members with special roles to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocket Chat
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

A NoSQL-Injection information disclosure vulnerability vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 in the getS3FileUrl Meteor server method that can disclose arbitrary file upload. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure File Upload Rocket Chat
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

A information disclosure vulnerability exists in Rockert.Chat <v5 due to /api/v1/chat.getThreadsList lack of sanitization of user inputs and can therefore leak private thread messages to unauthorized. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocket Chat
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 since the getReadReceipts Meteor server method does not properly filter user inputs that are passed to MongoDB. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocket Chat
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

A cleartext transmission of sensitive information exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 relating to Oauth tokens by having the permission "view-full-other-user-info", this could cause an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocket Chat
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

An improper access control vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to input data in the getUsersOfRoom Meteor server method is not type validated, so that MongoDB query. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rocket Chat
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An information disclosure vulnerability exists in Rocket.Chat <v5 due to the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocket Chat
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

An information disclosure vulnerability exists in Rocket.Chat <v4.7.5 which allowed the "users.list" REST endpoint gets a query parameter from JSON and runs Users.find(queryFromClientSide). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocket Chat
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to the actionLinkHandler method was found to allow Message ID Enumeration with Regex MongoDB queries. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocket Chat
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A cleartext storage of sensitive information exists in Rocket.Chat <v4.6.4 due to Oauth token being leaked in plaintext in Rocket.chat logs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocket Chat
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

A SQL injection vulnerability exists in Rocket.Chat <v3.18.6, <v4.4.4 and <v4.7.3 which can allow an attacker to retrieve a reset password token through or a 2fa secret. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Rocket Chat
NVD
EPSS 1% CVSS 6.8
MEDIUM POC This Month

An improper authentication vulnerability exists in Rocket.Chat Mobile App <4.14.1.22788 that allowed an attacker with physical access to a mobile device to bypass local authentication (PIN code). Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rocket Chat
NVD
EPSS 2% CVSS 6.5
MEDIUM POC PATCH This Month

Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Rocket Chat
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Rocket Chat
NVD
EPSS 95% CVSS 9.8
CRITICAL POC THREAT Act Now

A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Rocket Chat
NVD Exploit-DB
EPSS 2% CVSS 7.5
HIGH POC This Week

An information disclosure vulnerability exists in the Rocket.Chat server fixed v3.13, v3.12.2 & v3.11.3 that allowed email addresses to be disclosed by enumeration and validation checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocket Chat
NVD
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persistent cross-site scripting (XSS) using nested markdown tags allowing a remote attacker to inject arbitrary JavaScript in a message. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Rocket Chat
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Rocket.Chat before 0.74.4, 1.x before 1.3.4, 2.x before 2.4.13, 3.x before 3.7.3, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 mishandles SAML login. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Rocket Chat
NVD GitHub
EPSS 3% CVSS 6.1
MEDIUM POC PATCH This Month

Rocket.Chat through 3.4.2 allows XSS where an attacker can send a specially crafted message to a channel or in a direct message to the client which results in remote code execution on the client side. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS RCE Rocket Chat
NVD GitHub
EPSS 4% CVSS 6.1
MEDIUM POC PATCH This Month

Rocket.Chat before 2.1.0 allows XSS via a URL on a ![title] line. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Rocket Chat
NVD GitHub Exploit-DB
EPSS 1% CVSS 5.4
MEDIUM This Month

A reflected XSS issue was discovered in the registration form in Rocket.Chat before 0.66. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rocket Chat
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

An XSS issue was discovered in packages/rocketchat-mentions/Mentions.js in Rocket.Chat before 0.65. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rocket Chat
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rocket Chat
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy