CVE-2026-22560 - AskarLabs CVE Database

CVE-2026-22560

Vendor Rocket.chat

Product Rocket.Chat

Weakness CWE-601 · Open redirect

Published April 10, 2026

Last update April 14, 2026

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be redirected to arbitrary URLs by manipulating parameters within a SAML endpoint.

Key dates

02Disclosure timeline

April 10, 2026 CVE published

April 14, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-22560

Related vulnerabilities

04Related CVE

CVE-2024-41801 OpenProject packaged installation has Open Redirect Vulnerability in Sign-In in default configuration CVE-2026-24323 Multiple vulnerabilities in BSP Applications of SAP Document Management System CVE-2025-39404 WordPress Sassy Social Share plugin <= 3.3.73 - Open Redirection vulnerability CVE-2020-15241 Cross-Site Scripting in TYPO3 Fluid Engine CVE-2025-53535 Better Auth has an Open Redirect Vulnerability in originCheck Middleware Affecting Multiple Routes