CVE-2026-39384

Description

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, FreeScout does not take the limit_user_customer_visibility parameter into account when merging customers. This vulnerability is fixed in 1.8.212.

PUBLISHED Reserved 2026-04-06 | Published 2026-04-07 | Updated 2026-04-09 | Assigner GitHub_M

Problem types

CWE-639: Authorization Bypass Through User-Controlled Key

Product status

References

github.com/...escout/security/advisories/GHSA-j6v9-22vq-53vh exploit

github.com/...escout/security/advisories/GHSA-j6v9-22vq-53vh

github.com/...ommit/b395a1179117af5e2df704c6bad71feeb301b4ce

cve.org (CVE-2026-39384)

nvd.nist.gov (CVE-2026-39384)

Download JSON