CVE-2026-41905: CWE-918: Server-Side Request Forgery (SSRF) in freescout-help-desk freescout
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl() in app/Misc/Helper.php follows HTTP redirects via curlGetLastRedirectedUrl() but then re-validates the original URL instead of the final redirect destination. An attacker who can supply any URL that passes the initial host check can redirect FreeScout to internal HTTP services (cloud metadata, internal APIs, RFC1918 ranges) that would normally be blocked. This issue has been patched in version 1.8.217.
AI Analysis
Technical Summary
FreeScout, a PHP Laravel-based help desk application, contained an SSRF vulnerability in its Helper::sanitizeRemoteUrl() function. The function follows HTTP redirects but only re-validates the initial URL, not the final redirected destination. This flaw allows attackers who can supply URLs passing the initial host check to redirect requests to internal HTTP services such as cloud metadata endpoints, internal APIs, or RFC1918 private IP ranges. The vulnerability affects FreeScout versions before 1.8.217 and has been patched in that version.
Potential Impact
An attacker with at least low privileges can exploit this SSRF vulnerability to make the FreeScout server send HTTP requests to internal network resources that are normally inaccessible externally. This can lead to unauthorized information disclosure from internal services, including cloud metadata or internal APIs. The CVSS score of 7.7 reflects a high severity impact with high confidentiality impact but no integrity or availability impact.
Mitigation Recommendations
Upgrade FreeScout to version 1.8.217 or later, where this SSRF vulnerability has been patched. There is no indication of alternative mitigations or temporary fixes. Patch status is confirmed by the vendor advisory stating the issue is fixed in version 1.8.217.
CVE-2026-41905: CWE-918: Server-Side Request Forgery (SSRF) in freescout-help-desk freescout
Description
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl() in app/Misc/Helper.php follows HTTP redirects via curlGetLastRedirectedUrl() but then re-validates the original URL instead of the final redirect destination. An attacker who can supply any URL that passes the initial host check can redirect FreeScout to internal HTTP services (cloud metadata, internal APIs, RFC1918 ranges) that would normally be blocked. This issue has been patched in version 1.8.217.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
FreeScout, a PHP Laravel-based help desk application, contained an SSRF vulnerability in its Helper::sanitizeRemoteUrl() function. The function follows HTTP redirects but only re-validates the initial URL, not the final redirected destination. This flaw allows attackers who can supply URLs passing the initial host check to redirect requests to internal HTTP services such as cloud metadata endpoints, internal APIs, or RFC1918 private IP ranges. The vulnerability affects FreeScout versions before 1.8.217 and has been patched in that version.
Potential Impact
An attacker with at least low privileges can exploit this SSRF vulnerability to make the FreeScout server send HTTP requests to internal network resources that are normally inaccessible externally. This can lead to unauthorized information disclosure from internal services, including cloud metadata or internal APIs. The CVSS score of 7.7 reflects a high severity impact with high confidentiality impact but no integrity or availability impact.
Mitigation Recommendations
Upgrade FreeScout to version 1.8.217 or later, where this SSRF vulnerability has been patched. There is no indication of alternative mitigations or temporary fixes. Patch status is confirmed by the vendor advisory stating the issue is fixed in version 1.8.217.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-22T15:11:54.672Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69fcdf2dcbff5d86101f12e4
Added to database: 5/7/2026, 6:51:25 PM
Last enriched: 5/7/2026, 7:07:09 PM
Last updated: 5/8/2026, 10:55:16 AM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.