Rocketchat Rocket.chat
18 CVEs affecting Rocketchat Rocket.chat. Latest disclosed: 2026-06-24. Critical: 4, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-30831 | Critical | 9.8 | 2026-03-06 | Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0, a… |
CVE-2026-28514 | Critical | 9.8 | 2026-03-06 | Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.8.6, 7.9.8, 7.10.7, 7.11.4, 7.12.4, 7.13.3, and 8.0.0, a… |
CVE-2026-45689 | Critical | 9.1 | 2026-06-24 | Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, an u… |
CVE-2026-45688 | Critical | 9.1 | 2026-06-24 | Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rock… |
CVE-2026-45687 | High | 8.5 | 2026-06-24 | Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rock… |
CVE-2026-55762 | High | 8.1 | 2026-06-24 | Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, the POST /ap… |
CVE-2026-23477 | High | 7.7 | 2026-01-14 | Rocket.Chat is an open-source, secure, fully customizable communications platform. In Rocket.Chat versions up to 6.12.0, the API endpoint GET /api/v1/oauth-app… |
CVE-2026-55759 | High | 7.4 | 2026-06-24 | Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, Rocket.Chat'… |
CVE-2026-49278 | Medium | 6.7 | 2026-06-24 | Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12, in t… |
CVE-2017-1000054 | Medium | 6.1 | 2017-07-17 | Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages. |
CVE-2026-30833 | Medium | 5.3 | 2026-03-06 | Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0, a… |
CVE-2026-47733 | Medium | 4.4 | 2026-06-24 | Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, the ImageElement component in packages/gazzodown renders use… |
CVE-2021-32832 | Medium | 4.3 | 2021-08-30 | Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript. In Rocket.Chat before versions 3.11.3, 3.12.2, and 3.13 an is… |
CVE-2026-55666 | | 2026-06-24 | Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, in apps/mete… | |
CVE-2026-49277 | | 2026-06-24 | Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12, Rock… | |
CVE-2026-46423 | | 2026-06-24 | Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rock… | |
CVE-2026-45757 | | 2026-06-24 | Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12, Rock… | |
CVE-2026-45677 | | 2026-06-24 | Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rock… |