Open Redirect Vulnerability in FreeScout Help Desk Software
CVE-2026-41905

7.7 HIGH

Key Information:

Status
Vendor
CVE Published: 7 May 2026

What is CVE-2026-41905?

FreeScout, a help desk application developed using the Laravel PHP framework, had a vulnerability where the Helper::sanitizeRemoteUrl() method did not properly validate redirected URLs. Instead of checking the final destination URL, it would only validate the original URL. This flaw enabled attackers to redirect users to internal services, including cloud metadata or internal APIs, which are usually protected from external access. This issue was resolved in the release of version 1.8.217.
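One way to validate every redirect hop rather than only the submitted URL, as an added example (not FreeScout's code and not its 1.8.217 fix). The function names, the injected $resolve and $nextHop callables, and the sample hosts and addresses are assumptions constructed for illustration.

```php
<?php
// Added example with hypothetical names; not FreeScout's code.
const MAX_HOPS = 5;

// Public, routable address only: rejects private, loopback, link-local, reserved.
function isPublicIp(string $ip): bool
{
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    return filter_var($ip, FILTER_VALIDATE_IP, $flags) !== false;
}

// A URL passes if it is http(s) and every address its host resolves to is public.
function isAllowedUrl(string $url, callable $resolve): bool
{
    $parts = parse_url($url);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) return false;
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) return false;
    $host = trim($parts['host'], '[]'); // parse_url keeps brackets on IPv6 literals
    $ips = filter_var($host, FILTER_VALIDATE_IP) !== false ? [$host] : $resolve($host);
    foreach ($ips as $ip) {
        if (!isPublicIp($ip)) return false;
    }
    return count($ips) > 0; // unresolvable hosts are rejected
}

// Follow redirects by hand and validate every hop, not just the first URL.
// $nextHop returns the absolute Location target, or null when the response is final.
function resolveSafely(string $url, callable $nextHop, callable $resolve): ?string
{
    for ($hop = 0; $hop <= MAX_HOPS; $hop++) {
        if (!isAllowedUrl($url, $resolve)) return null;
        $next = $nextHop($url);
        if ($next === null) return $url;
        $url = $next;
    }
    return null; // redirect chain too long
}

// Constructed sample data: a public host whose response redirects to a link-local address.
$dns = ['img.example.net' => ['203.0.113.10'], 'cdn.example.org' => ['198.51.100.7']];
$redirects = ['https://img.example.net/a.png' => 'http://169.254.169.254/'];
$resolve = fn(string $host): array => $dns[$host] ?? [];
$nextHop = fn(string $url): ?string => $redirects[$url] ?? null;

// Checking only the submitted URL, the pattern the advisory describes:
var_dump(isAllowedUrl('https://img.example.net/a.png', $resolve));
// Checking every hop of the same chain, then a URL with no redirect:
var_dump(resolveSafely('https://img.example.net/a.png', $nextHop, $resolve));
var_dump(resolveSafely('https://cdn.example.org/logo.png', $nextHop, $resolve));
```

In a real HTTP client, automatic redirect following is turned off so each Location target goes through the same check, and the request is sent to the address that was validated so a second DNS lookup cannot return a different one.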

Affected Version(s)

freescout < 1.8.217

CVSS V3.1

Score: 7.7
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved