Host Header Manipulation in FreeScout Helps Attackers Redirect Users
CVE-2026-34442
5.4 MEDIUM
What is CVE-2026-34442?
FreeScout, a PHP-based help desk application, contains a host header manipulation vulnerability. The flaw occurs when unvalidated Host headers are used to generate URLs, which lets an attacker inject arbitrary domains into generated links. The result is an Open Redirect, where users may be redirected to malicious domains, as well as External Resource Loading from compromised servers. The issue is resolved in FreeScout version 1.8.211, which implements proper validation measures.
Affected Version(s)
freescout < 1.8.211
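
The pattern described above, shown as an added example that is not FreeScout's code or its actual fix: a URL builder that trusts the Host header, next to one that validates the header against an allowlist and always emits the configured origin. The function names, `CANONICAL_BASE`, `ALLOWED_HOSTS` and the example hosts are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added illustration; not FreeScout code. All names and hosts below are hypothetical.
const CANONICAL_BASE = 'https://helpdesk.example.test';  // assumed configured application URL
const ALLOWED_HOSTS  = ['helpdesk.example.test'];         // assumed allowlist of served hosts

// Vulnerable pattern: the request's Host header becomes the origin of generated links.
function buildUrlUnsafe(array $server, string $path): string
{
    $host = $server['HTTP_HOST'] ?? 'localhost';
    return 'https://' . $host . '/' . ltrim($path, '/');
}

// Returns the normalised hostname if it is allowlisted, otherwise null.
function validatedHost(array $server): ?string
{
    $raw = strtolower(trim((string)($server['HTTP_HOST'] ?? '')));
    // Accept only hostname[:port]; empty values, userinfo, paths and spaces fail here.
    if (!preg_match('/^([a-z0-9](?:[a-z0-9.-]*[a-z0-9])?)(?::(\d{1,5}))?$/', $raw, $m)) {
        return null;
    }
    return in_array($m[1], ALLOWED_HOSTS, true) ? $m[1] : null;
}

// Hardened pattern: reject requests with an unexpected Host before generating
// any URL, and build links from the configured origin rather than the header.
function buildUrlSafe(array $server, string $path): string
{
    if (validatedHost($server) === null) {
        throw new UnexpectedValueException('Unrecognised Host header');
    }
    return CANONICAL_BASE . '/' . ltrim($path, '/');
}

// Constructed sample Host values: two legitimate forms and one mismatch.
foreach (['helpdesk.example.test', 'HELPDESK.example.test:443', 'unexpected.example.net'] as $host) {
    $server = ['HTTP_HOST' => $host];
    echo str_pad($host, 28), 'unsafe=', buildUrlUnsafe($server, '/conversation/1'), '  safe=';
    try {
        echo buildUrlSafe($server, '/conversation/1'), PHP_EOL;
    } catch (UnexpectedValueException $e) {
        echo 'rejected', PHP_EOL;
    }
}
```

For the mismatched host, the unsafe builder emits a link on that host, while the hardened builder rejects the request; for both legitimate forms the hardened builder returns the same canonical URL.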
