Back to CVE List

CVE-2026-45294

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
5.3 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Description

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.219, the password reset endpoint returns visually distinct responses depending on whether the submitted email address belongs to an existing user account, allowing unauthenticated attackers to enumerate valid helpdesk agent email addresses. This vulnerability is fixed in 1.8.219.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-203
Source
NVD
Vendor
freescout-help-desk
Product
freescout

External References

Discussion (0)

Add Comment

No comments yet. Be the first!