Vulnerability Database

322,904

Total vulnerabilities in the database

CVE-2026-23477

Rocket.Chat is an open-source, secure, fully customizable communications platform. In Rocket.Chat versions up to 6.12.0, the API endpoint GET /api/v1/oauth-apps.get is exposed to any authenticated user, regardless of their role or permissions. This endpoint returns an OAuth application, as long as the user knows its ID, including potentially sensitive fields such as client_id and client_secret. This vulnerability is fixed in 6.12.0.

Published: Jan 14, 2026
Updated: Jan 27, 2026
CVE: CVE-2026-23477
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.7
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWEs:

Affected Software
References

Software	From	Fixed in
rocket.chat / rocket.chat	-	6.12.0

https://github.com/RocketChat/Rocket.Chat/security/advisories/GHSA-g4wm-fg3c-g4p2

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo