CVE-2026-34442

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-34442

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-34442.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-34442

Aliases

GHSA-822g-7rw5-53xj

Published

2026-03-31T21:28:19.830Z

Modified

2026-04-10T05:43:02.530305Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS Calculator

Summary

FreeScout: Host Header Injection Leading to External Resource Loading and Open Redirect in FreeScout

Details

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version (http://localhost:8080/system/status) allows an attacker to inject an arbitrary domain into generated absolute URLs. This leads to External Resource Loading and Open Redirect behavior. When the application constructs links and assets using the unvalidated Host header, user requests can be redirected to attacker-controlled domains and external resources may be loaded from malicious servers. This issue has been patched in version 1.8.211.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-20",
        "CWE-601",
        "CWE-829"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/34xxx/CVE-2026-34442.json"
}

References

Affected packages

Git / github.com/freescout-help-desk/freescout

Affected ranges

Type

GIT

Repo

https://github.com/freescout-help-desk/freescout

Events

Introduced

Fixed

d8708d55e9bac26b1d3e39f701787fb84e3c1875

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.8.211"
        }
    ]
}

Affected versions

1.*

1.0.0

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

1.1.0

1.1.1

1.1.10

1.1.2

1.1.3

1.1.4

1.1.5

1.1.6

1.1.7

1.1.8

1.1.9

1.2.0

1.2.1

1.2.2

1.2.3

1.2.4

1.2.5

1.2.6

1.3.0

1.3.1

1.3.10

1.3.11

1.3.12

1.3.13

1.3.14

1.3.15

1.3.16

1.3.17

1.3.18

1.3.19

1.3.2

1.3.3

1.3.4

1.3.5

1.3.6

1.3.7

1.3.8

1.3.9

1.4.0

1.4.1

1.4.10

1.4.11

1.4.12

1.4.2

1.4.3

1.4.4

1.4.6

1.4.7

1.4.8

1.4.9

1.5.0

1.5.1

1.5.10

1.5.11

1.5.12

1.5.13

1.5.14

1.5.15

1.5.2

1.5.3

1.5.4

1.5.5

1.5.6

1.5.7

1.5.8

1.5.9

1.6.0

1.6.1

1.6.10

1.6.11

1.6.12

1.6.13

1.6.14

1.6.15

1.6.16

1.6.17

1.6.18

1.6.19

1.6.2

1.6.20

1.6.3

1.6.4

1.6.5

1.6.6

1.6.7

1.6.8

1.6.9

1.7.0

1.7.1

1.7.10

1.7.11

1.7.12

1.7.13

1.7.14

1.7.15

1.7.16

1.7.17

1.7.18

1.7.19

1.7.2

1.7.20

1.7.21

1.7.22

1.7.23

1.7.24

1.7.25

1.7.26

1.7.27

1.7.28

1.7.3

1.7.30

1.7.4

1.7.5

1.7.6

1.7.7

1.7.9

1.8.0

1.8.1

1.8.10

1.8.100

1.8.101

1.8.102

1.8.103

1.8.104

1.8.105

1.8.106

1.8.107

1.8.108

1.8.109

1.8.11

1.8.110

1.8.111

1.8.112

1.8.113

1.8.114

1.8.115

1.8.116

1.8.117

1.8.118

1.8.119

1.8.12

1.8.120

1.8.121

1.8.122

1.8.123

1.8.124

1.8.125

1.8.126

1.8.127

1.8.128

1.8.129

1.8.13

1.8.130

1.8.131

1.8.132

1.8.133

1.8.134

1.8.135

1.8.136

1.8.137

1.8.138

1.8.139

1.8.14

1.8.140

1.8.141

1.8.142

1.8.143

1.8.144

1.8.145

1.8.146

1.8.147

1.8.148

1.8.149

1.8.15

1.8.150

1.8.151

1.8.152

1.8.153

1.8.154

1.8.155

1.8.156

1.8.157

1.8.158

1.8.159

1.8.16

1.8.160

1.8.161

1.8.162

1.8.163

1.8.164

1.8.165

1.8.166

1.8.167

1.8.168

1.8.169

1.8.17

1.8.170

1.8.171

1.8.172

1.8.173

1.8.174

1.8.175

1.8.176

1.8.177

1.8.178

1.8.179

1.8.18

1.8.180

1.8.181

1.8.182

1.8.183

1.8.184

1.8.185

1.8.186

1.8.187

1.8.188

1.8.189

1.8.19

1.8.190

1.8.191

1.8.192

1.8.193

1.8.194

1.8.195

1.8.196

1.8.197

1.8.198

1.8.199

1.8.2

1.8.20

1.8.200

1.8.201

1.8.202

1.8.203

1.8.204

1.8.205

1.8.206

1.8.207

1.8.208

1.8.209

1.8.21

1.8.210

1.8.22

1.8.23

1.8.24

1.8.25

1.8.26

1.8.27

1.8.28

1.8.29

1.8.3

1.8.30

1.8.31

1.8.32

1.8.33

1.8.34

1.8.35

1.8.36

1.8.37

1.8.38

1.8.39

1.8.4

1.8.40

1.8.41

1.8.42

1.8.43

1.8.44

1.8.45

1.8.46

1.8.47

1.8.48

1.8.49

1.8.5

1.8.50

1.8.51

1.8.52

1.8.53

1.8.54

1.8.55

1.8.56

1.8.57

1.8.58

1.8.59

1.8.6

1.8.60

1.8.61

1.8.62

1.8.63

1.8.65

1.8.66

1.8.67

1.8.68

1.8.69

1.8.7

1.8.70

1.8.71

1.8.72

1.8.73

1.8.74

1.8.75

1.8.76

1.8.77

1.8.78

1.8.79

1.8.8

1.8.80

1.8.81

1.8.82

1.8.83

1.8.84

1.8.85

1.8.86

1.8.87

1.8.88

1.8.89

1.8.9

1.8.90

1.8.91

1.8.92

1.8.93

1.8.94

1.8.95

1.8.96

1.8.97

1.8.98

1.8.99

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-34442.json"