CVE-2026-23477

Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 6.12.0

Description Rocket.Chat is a communications platform. Versions up to 6.12.0 have an issue where the API endpoint '/api/v1/oauth-apps.get' is accessible to any authenticated user, irrespective of their role or permissions. This allows retrieval of OAuth application details, including potentially sensitive information like client id and client secret, if the user knows the application ID.

Recommendations Update to version 6.12.0 or later.