CVE-2026-45294
5.3 MEDIUMFreeScout is a free help desk and shared inbox built with PHP's Laravel framework
Published: 2026-05-29 · Last updated: 2026-06-02
Severity and scoring
- CVSS
- 5.3 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- CWE
- CWE-203, CWE-204
Description
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.219, the password reset endpoint returns visually distinct responses depending on whether the submitted email address belongs to an existing user account, allowing unauthenticated attackers to enumerate valid helpdesk agent email addresses. This vulnerability is fixed in 1.8.219.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-11289 — Side-channel information leakage in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via... (6.5 MEDIUM)
- CVE-2026-11284 — Side-channel information leakage in PerformanceAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origi... (6.5 MEDIUM)
- CVE-2026-43926 — FOSSBilling is a free, open-source billing and client management system
- CVE-2026-45620 — WWBN AVideo is an open source video platform (5.3 MEDIUM)
- CVE-2026-45410 — TREK is a collaborative travel planner (5.3 MEDIUM)