Rocket.Chat Vulnerability Scope

Rocket.Chat is an open source team chat platform, focused on secure communication in one easy to use tool. Rocket.Chat connects teams with customers, suppliers and partners.

Rocket.Chat is a Web Chat Server, developed in JavaScript, using the Meteor full stack framework.

We are currently looking for the following items in Rocket.Chat Suite:

  • Code/command execution
  • Authentication bypass
  • Command injection


Think you figured out how to run unauthenticated commands on Rocket.Chat? We are looking for you! Found something not on this list? We still want to buy it!

No Bug Bounty Leaderboards, only safe disclosures