CVE-2026-34442
Received Received - Intake
Host Header Injection in FreeScout Enables Open Redirects

Publication date: 2026-03-31

Last updated on: 2026-04-01

Assigner: GitHub, Inc.

Description
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version (http://localhost:8080/system/status) allows an attacker to inject an arbitrary domain into generated absolute URLs. This leads to External Resource Loading and Open Redirect behavior. When the application constructs links and assets using the unvalidated Host header, user requests can be redirected to attacker-controlled domains and external resources may be loaded from malicious servers. This issue has been patched in version 1.8.211.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-31
Last Modified
2026-04-01
Generated
2026-06-16
AI Q&A
2026-04-01
EPSS Evaluated
2026-06-14
NVD
CVE-2026-34442
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
freescout freescout to 1.8.211 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-829 The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-601 The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability in FreeScout allows host header manipulation leading to open redirect and external resource loading attacks. This can facilitate phishing, UI redressing, and brand impersonation, which may increase the risk of unauthorized data exposure or user redirection to malicious sites.

Such security weaknesses can impact compliance with standards like GDPR and HIPAA by potentially exposing users to phishing attacks and unauthorized data access through malicious redirects or resource loading. These standards require protecting user data and ensuring secure application behavior to prevent data breaches and social engineering attacks.

However, the provided information does not explicitly describe direct compliance violations or specific regulatory impacts, only the security risks that could indirectly affect compliance.

Detection Guidance

This vulnerability can be detected by sending HTTP requests with manipulated Host headers to the FreeScout application endpoints and observing if the responses contain absolute URLs or redirects that include the attacker-controlled Host value.

A proof of concept involves crafting a request with a malicious Host header and checking if the application reflects this header in generated URLs or redirects.

For example, you can use curl commands to test the vulnerability by setting the Host header to a domain you control and inspecting the response for injected URLs.

  • curl -H "Host: attacker.com" http://localhost:8080/system/status -v
  • curl -H "Host: attacker.com" http://localhost:8080/conversation/ajax-html/default_redirect -v

If the response contains URLs or redirects pointing to attacker.com or other injected domains, the system is vulnerable.

Additionally, reviewing application logs for unusual Host header values or unexpected redirects can help detect exploitation attempts.

Executive Summary

This vulnerability exists in FreeScout, a help desk and shared inbox application built with PHP's Laravel framework. Prior to version 1.8.211, FreeScout improperly handles the Host header in HTTP requests. An attacker can manipulate this Host header to inject an arbitrary domain into the URLs generated by the application. This causes the application to create absolute URLs that point to attacker-controlled domains.

As a result, the application may load external resources from malicious servers and redirect users to attacker-controlled sites, leading to External Resource Loading and Open Redirect behavior.

Impact Analysis

This vulnerability can impact you by allowing attackers to redirect your users to malicious websites through crafted links generated by the application. This can lead to phishing attacks, where users are tricked into providing sensitive information on fake sites.

Additionally, loading external resources from attacker-controlled servers can expose users to malicious content or tracking, potentially compromising user privacy and security.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade FreeScout to version 1.8.211 or later, where the host header manipulation issue has been patched.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-34442. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart