
Description

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl() in app/Misc/Helper.php follows HTTP redirects via curlGetLastRedirectedUrl() but then re-validates the originally submitted URL instead of the final redirect destination. An attacker who can supply a URL whose host passes the initial check (for example a public host they control) can have it redirect FreeScout to internal HTTP services (cloud metadata endpoints, internal APIs, RFC1918 ranges) that the check would normally block if they were requested directly. This issue has been patched in version 1.8.217.
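The check-then-follow bug described above, placed beside a per-hop check, as an added PHP example that is not FreeScout's own code: the RedirectGuard class, its method names and the fixture URLs are hypothetical, and the HTTP transport and DNS resolver are injected callables so the redirect chain can be replayed offline. The vulnerable method mirrors the flawed order of operations (validate submitted URL, follow redirects blindly, re-validate the submitted URL); the hardened one refuses to let the transport follow redirects at all and validates each Location target before it is requested.

```php
<?php
declare(strict_types=1);

// Added illustration, not FreeScout code. RedirectGuard and its methods are hypothetical names.
// $transport returns [status, lowercase-keyed headers]; $resolver returns the IPs of a hostname.
final class RedirectGuard
{
    private const MAX_HOPS = 5;

    /** @var callable(string):array */
    private $transport;
    /** @var callable(string):string[] */
    private $resolver;

    public function __construct(callable $transport, callable $resolver)
    {
        $this->transport = $transport;
        $this->resolver = $resolver;
    }

    /** True only for http(s) URLs whose host resolves exclusively to public addresses. */
    public function isAllowedUrl(string $url): bool
    {
        $parts = parse_url($url);
        if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
            return false;
        }
        if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
            return false;
        }
        $host = strtolower(trim($parts['host'], '[]')); // strip IPv6 literal brackets
        $addresses = filter_var($host, FILTER_VALIDATE_IP) !== false ? [$host] : ($this->resolver)($host);
        if ($addresses === []) {
            return false; // unresolvable hosts are rejected, not waved through
        }
        foreach ($addresses as $ip) {
            // NO_PRIV_RANGE: 10/8, 172.16/12, 192.168/16, fc00::/7
            // NO_RES_RANGE:  0/8, 127/8, 169.254/16, 240/4, ::1 and similar
            if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false) {
                return false;
            }
        }
        return true;
    }

    /** Pre-1.8.217 shape: check the submitted URL, follow redirects, then re-check the SUBMITTED URL. */
    public function sanitizeVulnerable(string $url): ?string
    {
        if (!$this->isAllowedUrl($url)) {
            return null;
        }
        $final = $this->lastRedirectedUrl($url);
        // Bug: $url was already checked; what will actually be fetched is $final, which is never checked.
        return $this->isAllowedUrl($url) ? $final : null;
    }

    /** Hardened: the transport never follows redirects; every hop's target is checked before it is requested. */
    public function sanitizeHardened(string $url): ?string
    {
        $current = $url;
        for ($hop = 0; $hop <= self::MAX_HOPS; $hop++) {
            if (!$this->isAllowedUrl($current)) {
                return null;
            }
            [$status, $headers] = ($this->transport)($current);
            if ($status < 300 || $status > 399 || !isset($headers['location'])) {
                return $current; // terminal response: this URL was validated and is what got fetched
            }
            $current = $this->resolveLocation($current, $headers['location']);
        }
        return null; // redirect loop or chain too long
    }

    /** Follows Location headers blindly, the way a FOLLOWLOCATION-style helper does. */
    private function lastRedirectedUrl(string $url): string
    {
        for ($hop = 0; $hop <= self::MAX_HOPS; $hop++) {
            [$status, $headers] = ($this->transport)($url);
            if ($status < 300 || $status > 399 || !isset($headers['location'])) {
                break;
            }
            $url = $this->resolveLocation($url, $headers['location']);
        }
        return $url;
    }

    /** Absolute Location values are used as-is; path-only values are joined to the current origin. */
    private function resolveLocation(string $current, string $location): string
    {
        if (is_string(parse_url($location, PHP_URL_SCHEME))) {
            return $location;
        }
        $base = parse_url($current);
        $origin = $base['scheme'] . '://' . $base['host'] . (isset($base['port']) ? ':' . $base['port'] : '');
        return $origin . (($location === '' || $location[0] !== '/') ? '/' . $location : $location);
    }
}

// Constructed fixture: a public attacker host that 302s into the link-local cloud metadata address.
$routes = [
    'https://attacker.example/go' => [302, ['location' => 'http://169.254.169.254/latest/meta-data/']],
];
$transport = function (string $url) use ($routes): array {
    return $routes[$url] ?? [200, []];
};
$resolver = function (string $host): array {
    return $host === 'attacker.example' ? ['203.0.113.10'] : []; // TEST-NET-3, treated as public
};

$guard = new RedirectGuard($transport, $resolver);
var_dump($guard->sanitizeVulnerable('https://attacker.example/go')); // vulnerable ordering
var_dump($guard->sanitizeHardened('https://attacker.example/go'));   // per-hop check
```

Run against the fixture, sanitizeVulnerable() hands back the metadata URL because the only address it ever checked was attacker.example, while sanitizeHardened() returns null at the second hop because 169.254.169.254 fails the reserved-range filter. Two caveats for anyone adapting this: the address checked here is resolved separately from the one a real transport would connect to, so a rebinding DNS name can still pass the check and then resolve elsewhere; production code should connect to the validated IP (CURLOPT_RESOLVE or a pinned Host header) rather than re-resolve. PHP's filter flags also do not cover every non-routable block (100.64.0.0/10 is one gap), so an explicit CIDR denylist is safer than the flags alone. The page only states that 1.8.217 validates the final destination; the upstream fix may be structured differently from this example.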

Status: PUBLISHED | Reserved 2026-04-22 | Published 2026-05-07 | Updated 2026-05-07 | Assigner: GitHub_M

Severity: HIGH 7.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)

Problem types

CWE-918: Server-Side Request Forgery (SSRF)

Product status

< 1.8.217: affected

References

github.com/...escout/security/advisories/GHSA-22wf-848c-c856 (advisory, exploit)

github.com/...scout-help-desk/freescout/releases/tag/1.8.217

cve.org (CVE-2026-41905)

nvd.nist.gov (CVE-2026-41905)
