CVE-2026-55759

EPSS 0.24%
Veröffentlicht 24.06.2026 21:07:29
Zuletzt bearbeitet 25.06.2026 14:19:40
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Rocket.Chat: Apple Sign-In skips JWT claims validation, allowing expired and cross-audience token replay

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, Rocket.Chat's Apple Sign-In handler verifies JWT signatures but skips claims validation. Any Apple-signed JWT with a non-empty iss is accepted regardless of aud, exp, nbf, or nonce. An attacker who obtains a target user's Apple identity token (from server logs, an intercepted sign-in flow, or another application sharing the same Apple developer team) can replay it to authenticate as that user, with no expiration on the replay window. This vulnerability is fixed in 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 4

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerRocketChat

≫

Produkt Rocket.Chat

Version >= 8.5.0-rc.0, < 8.5.1

Status affected

Version >= 8.4.0-rc.0, < 8.4.4

Status affected

Version >= 8.3.0-rc.0, < 8.3.6

Status affected

Version >= 8.2.0-rc.0, < 8.2.6

Status affected

Version >= 8.1.0-rc.0, < 8.1.6

Status affected

Version >= 7.11.0-rc.0, < 8.0.7

Status affected

Version < 7.10.13

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.24%	0.153

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	7.4	2.2	5.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-294 Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

https://github.com/RocketChat/Rocket.Chat/security/advisories/GHSA-c75c-5hc7-j4vp

https://nvd.nist.gov/vuln/detail/CVE-2026-55759

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-55759

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-55759

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-55759