{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34443", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-27T18:18:14.894Z", "datePublished": "2026-03-31T21:28:16.370Z", "dateUpdated": "2026-04-01T18:54:55.589Z"}, "containers": {"cna": {"title": "FreeScout: SSRF protection bypass via broken CIDR check in checkIpByMask()", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-c9v3-4c59-x5q2", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-c9v3-4c59-x5q2"}, {"name": "https://github.com/freescout-help-desk/freescout/commit/ca6d5bb572d3e8f52a0e654a8623a53cb0fdd580", "tags": ["x_refsource_MISC"], "url": "https://github.com/freescout-help-desk/freescout/commit/ca6d5bb572d3e8f52a0e654a8623a53cb0fdd580"}, {"name": "https://github.com/freescout-help-desk/freescout/releases/tag/1.8.211", "tags": ["x_refsource_MISC"], "url": "https://github.com/freescout-help-desk/freescout/releases/tag/1.8.211"}], "affected": [{"vendor": "freescout-help-desk", "product": "freescout", "versions": [{"version": "< 1.8.211", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-31T21:28:16.370Z"}, "descriptions": [{"lang": "en", "value": "FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, checkIpByMask() in app/Misc/Helper.php checks whether the input IP contains a / character. Plain IP addresses never contain /, so the function always returns false without checking any CIDR ranges. The entire 10.0.0.0/8 and 172.16.0.0/12 private ranges are unprotected. This issue has been patched in version 1.8.211."}], "source": {"advisory": "GHSA-c9v3-4c59-x5q2", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T18:54:33.750257Z", "id": "CVE-2026-34443", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T18:54:55.589Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34443", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-01T18:54:33.750257Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T18:54:48.342Z"}}], "cna": {"title": "FreeScout: SSRF protection bypass via broken CIDR check in checkIpByMask()", "source": {"advisory": "GHSA-c9v3-4c59-x5q2", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW"}}], "affected": [{"vendor": "freescout-help-desk", "product": "freescout", "versions": [{"status": "affected", "version": "< 1.8.211"}]}], "references": [{"url": "https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-c9v3-4c59-x5q2", "name": "https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-c9v3-4c59-x5q2", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/freescout-help-desk/freescout/commit/ca6d5bb572d3e8f52a0e654a8623a53cb0fdd580", "name": "https://github.com/freescout-help-desk/freescout/commit/ca6d5bb572d3e8f52a0e654a8623a53cb0fdd580", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/freescout-help-desk/freescout/releases/tag/1.8.211", "name": "https://github.com/freescout-help-desk/freescout/releases/tag/1.8.211", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, checkIpByMask() in app/Misc/Helper.php checks whether the input IP contains a / character. Plain IP addresses never contain /, so the function always returns false without checking any CIDR ranges. The entire 10.0.0.0/8 and 172.16.0.0/12 private ranges are unprotected. This issue has been patched in version 1.8.211."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-31T21:28:16.370Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34443", "state": "PUBLISHED", "dateUpdated": "2026-04-01T18:54:55.589Z", "dateReserved": "2026-03-27T18:18:14.894Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-31T21:28:16.370Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:freescout:freescout:*:*:*:*:*:*:*:*", "matchCriteriaId": "4261C3DA-8327-4943-8E43-DE1D662BC634", "versionEndExcluding": "1.8.211", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, checkIpByMask() in app/Misc/Helper.php checks whether the input IP contains a / character. Plain IP addresses never contain /, so the function always returns false without checking any CIDR ranges. The entire 10.0.0.0/8 and 172.16.0.0/12 private ranges are unprotected. This issue has been patched in version 1.8.211."}], "id": "CVE-2026-34443", "lastModified": "2026-04-13T15:14:59.970", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-31T22:16:19.507", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/freescout-help-desk/freescout/commit/ca6d5bb572d3e8f52a0e654a8623a53cb0fdd580"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/freescout-help-desk/freescout/releases/tag/1.8.211"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory", "Exploit"], "url": "https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-c9v3-4c59-x5q2"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.8.211)"}}], "enrichment": {"confidence": 98.0, "confidence_source": "matching", "scores": [{"score": 98.0, "source": "matching"}]}, "original": {"product": "freescout", "source": "cna", "vendor": "freescout-help-desk"}, "product": "freescout", "vendor": "freescout_helpdesk"}], "analysis": {"en": {"generated_at": "2026-04-13T16:53:16.544271+00:00", "value": {"mitigation_remediation": ["Upgrade Freescout to version 1.8.211 or later to apply the patch that fixes the CIDR check.", "Verify that SSRF controls function correctly by testing with private IP addresses after the update.", "If an upgrade is not immediately possible, restrict outgoing requests from the FreeScout installation to external networks only, preventing private IP ranges from being accessed."], "summary": {"action": "Upgrade", "impact": "SSRF protection bypass enabling internal network access"}, "threat_synthesis": {"affected_systems": "This issue affects the FreeScout help desk application built on PHP's Laravel framework. All releases prior to 1.8.211 are vulnerable. The affected product is freescout-help-desk:freescout. Users running any version earlier than 1.8.211 are exposed to the SSRF bypass.", "description_and_impact": "This vulnerability is due to a flaw in the IP validation function checkIpByMask(). The function incorrectly rejects any IP containing a slash, causing the function to return false for plain IP addresses. As a result, private address ranges 10.0.0.0/8 and 172.16.0.0/12 bypass SSRF protection. An attacker can send requests that reach internal services via the application, potentially gaining access to internal resources or performing reconnaissance, impacting confidentiality and integrity of internal assets.", "risk_and_exploitability": "The CVSS score of 6.9 indicates moderate severity, but the low EPSS of <1% suggests that exploitation is currently uncommon. The vulnerability is not listed in CISA KEV. Exploitation requires the attacker to be able to trigger the SSRF mechanism within the application, then supply a plain IP address that falls within a private network range; the buggy check allows such addresses to bypass the intended filter."}}}}, "created": "2026-04-02T07:52:10.253626+00:00", "updated": "2026-04-14T16:42:12.943494+00:00", "vendors": ["freescout_helpdesk", "freescout_helpdesk$PRODUCT$freescout"]}