Rocket.Chat Security Vulnerabilities (CVEs)

Track 9 security vulnerabilities affecting Rocket.Chat products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

Severity breakdown: 4 Critical, 5 High
CVE-2026-23477 (CVSS 7.7)

This vulnerability allows any authenticated Rocket.Chat user to access OAuth application credentials (client_id and client_secret) by querying the /ap...

Jan 14, 2026
CVE-2024-46935 (CVSS 7.5)

This vulnerability in Rocket.Chat allows attackers to cause denial of service by sending specially crafted messages containing specific characters. Th...

Sep 25, 2024
CVE-2024-39713 (CVSS 8.6)

This Server-Side Request Forgery (SSRF) vulnerability in Rocket.Chat's Twilio webhook endpoint allows attackers to make unauthorized requests to inter...

Aug 5, 2024
CVE-2023-28356 (CVSS 7.5)

This vulnerability allows attackers to send specially crafted messages containing specific character chains that cause a chat service process to enter...

May 11, 2023
CVE-2023-28316 (CVSS 9.8)

A session fixation vulnerability in Rocket.Chat's 2FA implementation allows attackers to maintain access to compromised accounts even after 2FA is ena...

May 9, 2023
CVE-2023-23917 (CVSS 8.8)

A prototype pollution vulnerability in Rocket.Chat server versions below 5.2.0 allows attackers to achieve remote code execution (RCE) under admin pri...

Feb 23, 2023
CVE-2021-22910 (CVSS 9.8)

A NoSQL injection vulnerability in Rocket.Chat server allows attackers to execute arbitrary database queries through a specific endpoint. This can lea...

Aug 9, 2021
CVE-2021-22911 (CVSS 9.8)

CVE-2021-22911 is an improper input sanitization vulnerability in Rocket.Chat that allows unauthenticated attackers to perform NoSQL injection attacks...

May 27, 2021
CVE-2020-29594 (CVSS 9.8)

This vulnerability in Rocket.Chat allows attackers to bypass SAML authentication and gain unauthorized access to user accounts. It affects Rocket.Chat...

Dec 30, 2020

Why Monitor Rocket.Chat Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 9+ known vulnerabilities affecting Rocket.Chat products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Rocket.Chat packages in under 60 seconds. No agents are required: scanning is agentless and works across Rocket.Chat deployments.

Free vulnerability database: Access detailed information about every Rocket.Chat CVE, including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register free account & add your servers
  • Run one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new Rocket.Chat CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions