CVE-2026-22560

Summary

An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be redirected to arbitrary URLs by manipulating parameters within a SAML endpoint.

Affected Software

VendorProductVersion RangeStatus
Rocket.ChatRocket.Chat8.4.0 < 8.4.0affected

Weaknesses

  • CWE-601: CWE-601 Open Redirect

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References