Browse all 8 CVE security advisories affecting Rocket.Chat. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Rocket.Chat serves as an open-source communication platform for team collaboration and customer engagement, offering real-time messaging, video conferencing, and workflow automation. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and access control flaws. While no major public security incidents have been widely documented, the platform's 8 recorded CVEs highlight ongoing security challenges in its rapidly evolving codebase. Its self-hosted nature provides organizations with control over their data but also places responsibility for patch management and hardening on users, making regular updates and security configurations essential for maintaining a secure deployment.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-29197 | Rocket.Chat Access Control Error Vulnerability — Rocket.Chat (CWE-284) | 4.3 (AI) | Medium (AI) | 2026-04-23 |
| CVE-2026-29198 | Rocket.Chat SQL Injection Vulnerability — Rocket.Chat | 9.8 (AI) | Critical (AI) | 2026-04-22 |
| CVE-2026-22560 | Rocket.Chat Security Vulnerability — Rocket.Chat (CWE-601) | 6.1 | - | 2026-04-10 |
| CVE-2025-7974 | rocket.chat Incorrect Authorization Information Disclosure Vulnerability — rocket.chat (CWE-863) | 7.5 | - | 2025-09-02 |
| CVE-2024-39713 | Rocket.Chat Security Vulnerability — Rocket.Chat | 7.5 (AI) | High (AI) | 2024-08-05 |
| CVE-2024-37405 | RocketChat LiveChat Security Vulnerability — Rocket.Chat | 5.3 (AI) | Medium (AI) | 2024-07-12 |
This page lists every published CVE security advisory associated with Rocket.Chat. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.