VYPR
High severity7.5NVD Advisory· Published Sep 25, 2024· Updated Apr 15, 2026

CVE-2024-46936

CVE-2024-46936

Description

Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and before is vulnerable to a message forgery / impersonation issue. Attackers can abuse the UpdateOTRAck method to send ephemeral messages as if they were any other user they choose.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • RocketChat/Rocket.chatreferences2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <6.7.8 || >=6.7.8 && <6.8.6 || >=6.8.6 && <6.9.6 || >=6.9.6 && <6.10.5 || >=6.10.5 && <6.11.2 || >=6.11.2 && <6.12.0 || =6.12.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.