IP Input Validation Flaw in FreeScout Help Desk Application by FreeScout
CVE-2026-34443

6.9 MEDIUM

Key Information:

CVE Published: 31 March 2026

What is CVE-2026-34443?

FreeScout, a help desk and shared inbox solution built on the PHP Laravel framework, has an input validation issue in the checkIpByMask() function. Versions prior to 1.8.211 do not properly validate IP addresses that contain CIDR notation, which leaves private IP ranges such as 10.0.0.0/8 and 172.16.0.0/12 unprotected. This oversight can expose the application to security risks, potentially allowing unauthorized access to services that rely on these private IP ranges. Version 1.8.211 introduces a fix for this vulnerability.
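For testing a deployment's own range checks against the two ranges named above, here is an added example of a CIDR membership check. It is not FreeScout's checkIpByMask() or its fix; `packIp` and `ipInCidr` are hypothetical names, the test cases are constructed, and the sketch goes beyond the advisory by also covering IPv6 and IPv4-mapped addresses.

```php
<?php declare(strict_types=1);

// Hypothetical helper: validate and pack an address, unwrapping ::ffff:a.b.c.d
// so an IPv4-mapped IPv6 literal is compared as the IPv4 address it carries.
function packIp(string $text): string
{
    if (filter_var($text, FILTER_VALIDATE_IP) === false) {
        throw new InvalidArgumentException("not an IP address: $text");
    }
    $bin = inet_pton($text);
    $mapped = str_repeat("\0", 10) . "\xff\xff";
    return (strlen($bin) === 16 && substr($bin, 0, 12) === $mapped) ? substr($bin, 12) : $bin;
}

// Hypothetical helper: true when $ip is inside $range ("10.0.0.0/8" or a bare
// address). Malformed input throws, so a bad entry never reads as "no match".
function ipInCidr(string $ip, string $range): bool
{
    $parts = explode('/', $range, 2);
    $addr = packIp($ip);
    $net = packIp($parts[0]);
    $maxBits = strlen($net) * 8;
    $bits = $parts[1] ?? (string) $maxBits;
    if (!ctype_digit($bits) || (int) $bits > $maxBits) {
        throw new InvalidArgumentException("bad prefix length: $range");
    }
    $prefix = (int) $bits;
    if (strlen($addr) !== strlen($net)) {
        return false; // IPv4 address against an IPv6 range, or the reverse
    }
    $fullBytes = intdiv($prefix, 8);
    $remBits = $prefix % 8;
    if (substr($addr, 0, $fullBytes) !== substr($net, 0, $fullBytes)) {
        return false;
    }
    $mask = (0xFF << (8 - $remBits)) & 0xFF; // 0 when the prefix ends on a byte boundary
    return $remBits === 0 || (ord($addr[$fullBytes]) & $mask) === (ord($net[$fullBytes]) & $mask);
}

// Constructed cases: the advisory's two ranges, their boundaries, a mapped address.
$cases = [
    ['10.1.2.3', '10.0.0.0/8', true], ['11.0.0.1', '10.0.0.0/8', false],
    ['172.31.255.255', '172.16.0.0/12', true], ['172.32.0.1', '172.16.0.0/12', false],
    ['::ffff:10.1.2.3', '10.0.0.0/8', true],
];
foreach ($cases as [$ip, $range, $want]) {
    if (ipInCidr($ip, $range) !== $want) throw new RuntimeException("mismatch: $ip in $range");
}
```

The script exits silently when every case matches and throws on the first mismatch, so the same table can be pointed at whatever range check a deployment actually uses.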

Affected Version(s)

freescout < 1.8.211

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
