216.73.217.98

CVE-2026-23477

· Published 14/01/2026 19:16 · Modified 14/01/2026 19:16

Labels: CVE-2026-23477 2026-01-14CVE-2026-23477CWE-269[email protected]

Essential information

Published
14/01/2026 19:16
Modified
14/01/2026 19:16
Author
Creator
CVSS
7.7 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CVSS metrics

Description

Rocket.Chat is an open-source, secure, fully customizable communications platform. In Rocket.Chat versions up to 6.12.0, the API endpoint GET /api/v1/oauth-apps.get is exposed to any authenticated user, regardless of their role or permissions. This endpoint returns an OAuth application, as long as the user knows its ID, including potentially sensitive fields such as client_id and client_secret. This vulnerability is fixed in 6.12.0.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
rocketchat / rocketchat cpe:2.3:a:rocketchat:rocketchat:<6.12.0:*:*:*:*:*:*:*

References