Primary

Context

Rocket.Chat Open Redirect Vulnerability

Vulnerability

Patched

An open redirect vulnerability exists in Rocket.Chat versions prior to 8.4.0. The issue arises in the SAML single logout redirect endpoint, which improperly validates redirect URLs before using them in a 302 response. This flaw allows unauthenticated users to be redirected to arbitrary external sites, potentially leading to phishing attacks or other malicious activities.

Impact

Exploitation of this vulnerability could result in unauthorized redirection of users to external websites, which could be used for phishing or other malicious purposes.

Remediation

Users can upgrade to Rocket.Chat version 8.4.0 or later to address this vulnerability.

Added: Apr 10, 2026, 6:54 PM

Updated: Apr 10, 2026, 6:54 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

0.2

exploitability

7.7

remediation

7.7

relevance

5.6

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

0.2

exploitability

7.7

remediation

7.7

relevance

5.6

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Rocket.Chat Open Redirect Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Rocket.Chat

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating