High severity 7.5 · NVD Advisory · Published Sep 25, 2024 · Updated Apr 15, 2026
CVE-2024-46936
Description
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and before is vulnerable to a message forgery / impersonation issue. Attackers can abuse the UpdateOTRAck method to send ephemeral messages as if they were any other user they choose.
Affected products
- (no CPE)
- (no CPE) range: <6.7.8 || >=6.7.8 && <6.8.6 || >=6.8.6 && <6.9.6 || >=6.9.6 && <6.10.5 || >=6.10.5 && <6.11.2 || >=6.11.2 && <6.12.0 || =6.12.0