CVE-2026-45677— Rocket.Chat SAML登出签名验证缺失导致拒绝服务漏洞
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2026-45677 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗ 尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Rocket.Chat: Lack of SAML Signature Check During Logout Could Lead To DoS
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's SAML integration does not verify the signature on inbound LogoutRequest messages. An unauthenticated remote attacker who knows a target user's SAML NameID - which major identity providers (Okta, Google Workspace, Microsoft Entra ID, JumpCloud) expose as the user's email address - can craft a valid-looking unsigned LogoutRequest and submit it to the SP logout endpoint. The server processes it as legitimate, immediately destroying the victim's session. Because the attack requires no authentication and no interaction from the victim, it can be repeated in a loop against individual users or scripted across many accounts, effectively rendering the Rocket.Chat instance unusable for SAML-authenticated users. This vulnerability is fixed in 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11.
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
授权机制缺失
来源: 美国国家漏洞数据库 NVD
受影响产品
| 厂商 | 产品 | 影响版本 | CPE | 订阅 |
|---|---|---|---|---|
| RocketChat | Rocket.Chat | >= 8.5.0-rc.0, < 8.5.0 | - |
二、漏洞 CVE-2026-45677 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|
AI 生成 POC高级
未找到公开 POC。
登录以生成 AI POC三、漏洞 CVE-2026-45677 的情报信息
请登录查看更多情报信息。
CVE-2026-45677 其他参考 (1)
同批安全公告 · RocketChat · 2026-06-24 · 共 12 条
| CVE-2026-45688 | 9.1 CRITICAL | Rocket.Chat CAS登录处理器预认证NoSQL注入漏洞 |
| CVE-2026-45689 | 9.1 CRITICAL | Rocket.Chat OAuth2端点未授权NoSQL注入导致用户账户接管漏洞 |
| CVE-2026-45687 | 8.5 HIGH | Rocket.Chat 质量赋值致任意数据导出漏洞 |
| CVE-2026-55762 | 8.1 HIGH | Rocket.Chat 未授权接口导致永久注销工作区漏洞 |
| CVE-2026-55759 | 7.4 HIGH | Rocket.Chat Apple登录JWT验证绕过漏洞 |
| CVE-2026-49278 | 6.7 MEDIUM | Rocket.Chat 访客信息泄露漏洞 |
| CVE-2026-47733 | 4.4 MEDIUM | Rocket.Chat ImageElement 缺少URL协议过滤导致XSS漏洞 |
| CVE-2026-45757 | Rocket.Chat 空闲用户禁用漏洞未撤销登录令牌 | |
| CVE-2026-49277 | Rocket.Chat 账户停用后 OAuth 令牌未失效 | |
| CVE-2026-46423 | Rocket.Chat SAML签名验证绕过漏洞 | |
| CVE-2026-55666 | Rocket.Chat Apple OAuth 邮箱参数回退导致账户接管漏洞 |
IV. Related Vulnerabilities
V. Comments for CVE-2026-45677
暂无评论