{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22560", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "PUBLISHED", "assignerShortName": "hackerone", "dateReserved": "2026-01-07T15:39:03.440Z", "datePublished": "2026-04-10T17:00:11.746Z", "dateUpdated": "2026-04-14T19:04:32.571Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be redirected to arbitrary URLs by manipulating parameters within a SAML endpoint."}], "affected": [{"defaultStatus": "unaffected", "vendor": "Rocket.Chat", "product": "Rocket.Chat", "versions": [{"version": "8.4.0", "status": "affected", "lessThan": "8.4.0", "versionType": "semver"}]}], "references": [{"url": "https://hackerone.com/reports/3418031"}, {"url": "https://github.com/RocketChat/Rocket.Chat/pull/38994"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "cweId": "CWE-601", "description": "CWE-601 Open Redirect"}]}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2026-04-10T17:00:11.746Z"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-14T19:04:29.881437Z", "id": "CVE-2026-22560", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T19:04:32.571Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-22560", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-14T19:04:29.881437Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T19:04:27.475Z"}}], "cna": {"affected": [{"vendor": "Rocket.Chat", "product": "Rocket.Chat", "versions": [{"status": "affected", "version": "8.4.0", "lessThan": "8.4.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://hackerone.com/reports/3418031"}, {"url": "https://github.com/RocketChat/Rocket.Chat/pull/38994"}], "descriptions": [{"lang": "en", "value": "An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be redirected to arbitrary URLs by manipulating parameters within a SAML endpoint."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-601", "description": "CWE-601 Open Redirect"}]}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2026-04-10T17:00:11.746Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22560", "state": "PUBLISHED", "dateUpdated": "2026-04-14T19:04:32.571Z", "dateReserved": "2026-01-07T15:39:03.440Z", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "datePublished": "2026-04-10T17:00:11.746Z", "assignerShortName": "hackerone"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:*", "matchCriteriaId": "56DAA79C-714C-4F43-AA4B-FA20A6C95473", "versionEndExcluding": "8.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be redirected to arbitrary URLs by manipulating parameters within a SAML endpoint."}], "id": "CVE-2026-22560", "lastModified": "2026-04-17T22:01:13.620", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-10T17:17:01.980", "references": [{"source": "support@hackerone.com", "tags": ["Issue Tracking"], "url": "https://github.com/RocketChat/Rocket.Chat/pull/38994"}, {"source": "support@hackerone.com", "tags": ["Issue Tracking"], "url": "https://hackerone.com/reports/3418031"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "support@hackerone.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,8.4.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Rocket.Chat", "source": "cna", "vendor": "Rocket.Chat"}, "product": "rocket.chat", "vendor": "rocket.chat"}], "analysis": {"en": {"generated_at": "2026-04-14T21:53:39.430573+00:00", "value": {"mitigation_remediation": ["Upgrade Rocket.Chat to version 8.4.0 or later."], "summary": {"action": "Patch", "impact": "Open redirect"}, "threat_synthesis": {"affected_systems": "Any Rocket.Chat installation running a version earlier than 8.4.0 is affected. The issue is specific to the Rocket.Chat product provided by the vendor Rocket.Chat.", "description_and_impact": "An open redirect flaw exists in Rocket.Chat versions before 8.4.0, originating from a SAML endpoint that accepts redirect URLs via parameters without strict validation. The vulnerability allows an attacker to force users to be redirected to arbitrary web addresses, potentially enabling phishing or drive\u2011by downloads, without granting the attacker code execution or data exfiltration capabilities.", "risk_and_exploitability": "The vulnerability\u2019s base score of 5.3 indicates moderate risk; the exploit probability is estimated to be below one percent, implying that real\u2011world exploitation is unlikely. It is not listed in the CISA Known Exploited Vulnerabilities catalog. Attackers can exploit the flaw remotely by crafting a SAML URL that includes a malicious redirect parameter; no special privileges are required to use the endpoint."}}}}, "created": "2026-04-13T12:43:46.331461+00:00", "updated": "2026-04-15T16:00:07.793293+00:00", "vendors": ["rocket.chat", "rocket.chat$PRODUCT$rocket.chat"]}