CVE-2026-23477 in Rocket.Chat

Summary

by MITRE • 2026-01-14

Rocket.Chat is an open-source, secure, fully customizable communications platform. In Rocket.Chat versions up to 6.12.0, the API endpoint GET /api/v1/oauth-apps.get is exposed to any authenticated user, regardless of their role or permissions. The endpoint returns the OAuth application whose ID the caller supplies, including potentially sensitive fields such as client_id and client_secret. This vulnerability is fixed in 6.12.0.


Responsible: GitHub M

Reserved: 2026-01-13

Disclosure: 2026-01-14

Moderation: accepted

Entry: VDB-341144

CPE: ready

EPSS: 0.00067

KEV: no

Activity: very low

Sources
