CVE-2026-22560

CVSS 5.3 MEDIUMEPSS 0.3%CWE-601

An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be redirected to arbitrary URLs by manipulating parameters within a SAML endpoint.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Produtos afetados

Rocket.Chat · Rocket.Chat

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/RocketChat/Rocket.Chat/pull/38994 https://hackerone.com/reports/3418031