๐Ÿ” CVE Alert

CVE-2026-22560

MEDIUM 5.3
CVSS Score 5.3
EPSS Score 0.0%
EPSS Percentile 4th

An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be redirected to arbitrary URLs by manipulating parameters within a SAML endpoint.

CWE CWE-601
Vendor rocket.chat
Product rocket.chat
Published Apr 10, 2026
Last Updated Apr 14, 2026

Affected Versions

Rocket.Chat / Rocket.Chat
< 8.4.0

References

NVD, CVE.org, EPSS Data
hackerone.com: https://hackerone.com/reports/3418031
github.com: https://github.com/RocketChat/Rocket.Chat/pull/38994