Reserachers have found a vulnerability in open.rocket.chat and I able to bypass 2FA by Email confirmation link.
In this case, attackers use the email confirmation link because, often, 2FA is not implemented on the system’s login page after a email confirmation.
https://hackerone.com/reports/1701378