CVE-2026-22560

Severity CVSS v4.0:

Pending analysis

Type:

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

Publication date:

10/04/2026

Last modified:

10/04/2026

Description

An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be redirected to arbitrary URLs by manipulating parameters within a SAML endpoint.

Impact

References to Advisories, Solutions, and Tools

https://github.com/RocketChat/Rocket.Chat/pull/38994
https://hackerone.com/reports/3418031