Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Rocket.Chat | Rocket.Chat | unaffected |
|
No data.
| Vendor | Product | Confidence | Versions | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Rocket.chat | Rocket.chat | 100% |
|
Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Fri, 17 Apr 2026 22:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:* |
Wed, 15 Apr 2026 16:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Open Redirect via SAML Endpoint in Rocket.Chat |
Tue, 14 Apr 2026 19:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Mon, 13 Apr 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Open Redirect via SAML Endpoint in Rocket.Chat |
Mon, 13 Apr 2026 13:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Rocket.chat
Rocket.chat rocket.chat |
|
| Vendors & Products |
Rocket.chat
Rocket.chat rocket.chat |
Fri, 10 Apr 2026 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be redirected to arbitrary URLs by manipulating parameters within a SAML endpoint. | |
| Weaknesses | CWE-601 | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: hackerone
Published:
Updated: 2026-04-14T19:04:32.571Z
Reserved: 2026-01-07T15:39:03.440Z
Link: CVE-2026-22560
Vulnrichment
Updated: 2026-04-14T19:04:27.475Z
NVD
Status : Analyzed
Published: 2026-04-10T17:17:01.980
Modified: 2026-04-17T22:01:13.620
Link: CVE-2026-22560
Redhat
No data.
OpenCVE Enrichment
Updated: 2026-04-15T16:00:07Z