Browse all 5 CVE security advisories affecting RocketChat. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-30833 | Rocket.Chat: NoSQL injection in the EE ddp-streamer-service — Rocket.ChatCWE-943 | 9.8 | - | 2026-03-06 |
| CVE-2026-30831 | Rocket.Chat: 2FA bypass and login of deactivated users via EE ddp-streamer — Rocket.ChatCWE-287 | 9.8 | - | 2026-03-06 |
| CVE-2026-28514 | Rocket.Chat: Users can login with any password via the EE ddp-streamer-service — Rocket.ChatCWE-287 | 9.8 | - | 2026-03-06 |
| CVE-2026-23477 | Rocket.Chat Unauthorized Access to OAuth App Details — Rocket.ChatCWE-269 | 7.7 | High | 2026-01-14 |
| CVE-2021-32832 | ReDOS in Rocket.Chat — Rocket.ChatCWE-400 | 4.3 | Medium | 2021-08-30 |
This page lists every published CVE security advisory associated with RocketChat. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.