FreeScout is an open-source help desk and shared inbox application built on PHP's Laravel framework. The vulnerability CVE-2026-34443 is classified as CWE-918, Server-Side Request Forgery (SSRF). It arises from a logic flaw in the checkIpByMask() function located in app/Misc/Helper.php. This function is intended to verify if an input IP address falls within certain CIDR ranges to restrict access to private network addresses. However, the function only checks for the presence of a '/' character to identify CIDR notation. Since plain IP addresses do not contain '/', the function always returns false for them, effectively bypassing the CIDR range checks. Consequently, the private IP ranges 10.0.0.0/8 and 172.16.0.0/12 remain unprotected. An attacker can exploit this by sending crafted requests through FreeScout that target internal network resources, potentially accessing sensitive services or data not intended to be exposed externally. The vulnerability does not require any authentication or user interaction, making it remotely exploitable over the network. The CVSS 4.0 vector (AV:N/AC:L/AT:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N) indicates network attack vector, low attack complexity, no privileges or user interaction required, with low impact on confidentiality and integrity, and no impact on availability. The flaw was addressed and patched in FreeScout version 1.8.211. There are currently no known active exploits in the wild. Organizations using FreeScout versions prior to 1.8.211 are at risk and should upgrade to the patched version to prevent exploitation.

The SSRF vulnerability allows attackers to abuse the FreeScout server to send crafted requests to internal network resources that are otherwise inaccessible externally. This can lead to unauthorized access to sensitive internal services, such as databases, internal APIs, or cloud metadata services, potentially exposing confidential information or enabling further lateral movement within the network. Since the vulnerability requires no authentication or user interaction, it can be exploited by remote attackers without prior access. The impact on confidentiality and integrity is low to moderate depending on the internal resources accessed, but availability is not affected. Organizations relying on FreeScout for help desk operations may face data leakage or compromise of internal infrastructure if the vulnerability is exploited. The medium CVSS score reflects this moderate risk. The absence of known exploits in the wild reduces immediate threat but does not eliminate risk, especially as attackers often weaponize such vulnerabilities after disclosure. The scope includes all organizations using vulnerable FreeScout versions, particularly those with sensitive internal network services behind the affected FreeScout deployment.

1. Immediate upgrade of FreeScout installations to version 1.8.211 or later where the vulnerability is patched. 2. Implement network segmentation and firewall rules to restrict FreeScout server outbound requests to only trusted destinations, minimizing SSRF impact. 3. Employ web application firewalls (WAFs) with SSRF detection rules to monitor and block suspicious request patterns targeting internal IP ranges. 4. Conduct internal audits of FreeScout configurations and logs to detect any anomalous request activity indicative of SSRF exploitation attempts. 5. Limit the privileges of the FreeScout application user to reduce potential damage if exploited. 6. Regularly update and patch all software components to reduce exposure to known vulnerabilities. 7. Educate security teams about SSRF risks and monitoring techniques specific to FreeScout deployments. 8. If upgrading immediately is not feasible, consider temporary mitigations such as disabling features that perform external requests or applying custom patches to fix the IP validation logic.