LeakyCreds

CVE-2026-34442 - Vulnerability Analysis

Medium | CVSS: 5.4

Last Updated: April 1, 2026

FreeScout - Open Redirect

Published: March 31, 2026 | Updated: April 1, 2026 | PoC Available | Remote Exploitable

Overview

FreeScout versions before 1.8.211 contain an open redirect caused by unvalidated Host header manipulation in URL generation. An attacker can inject an arbitrary domain, which the application then uses for redirection and for loading external resources. Exploitation requires a crafted Host header.

Severity & Score

Severity: Medium
CVSS Score: 5.4

Impact

Attackers can redirect users to malicious domains and load external resources, facilitating phishing and malicious content delivery.

Mitigation

Update to version 1.8.211 or later.
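
As defence in depth alongside the upgrade, an application or reverse proxy can refuse to build URLs from a Host header it does not recognise. The sketch below is an added example, not FreeScout's code or its fix; it contrasts the flawed pattern with a hardened one, and the origin, allowlist and function names are assumptions chosen for illustration.

```python
# Assumed deployment values (placeholders, not taken from the advisory).
CANONICAL_ORIGIN = "https://helpdesk.example.org"
TRUSTED_HOSTS = {"helpdesk.example.org", "helpdesk.example.org:443"}

# Characters that never belong in a host[:port] value.
FORBIDDEN_HOST_CHARS = "/\\@?#, \t\r\n"


def is_trusted_host(host_header):
    """Return True only for an exact, case-insensitive allowlist match."""
    if not host_header:
        return False
    host = host_header.strip().lower()
    if any(c in host for c in FORBIDDEN_HOST_CHARS):
        return False
    return host in TRUSTED_HOSTS


def unsafe_absolute_url(host_header, path):
    """Flawed pattern: the origin comes from the client-supplied Host header."""
    return "https://" + host_header + path


def safe_absolute_url(host_header, path):
    """Hardened pattern: the origin comes from configuration.

    The Host header is only checked, never copied into the generated URL.
    """
    if not is_trusted_host(host_header):
        raise ValueError("untrusted Host header: %r" % (host_header,))
    # Reject scheme-relative ("//host") and backslash paths that browsers
    # may resolve to another origin.
    if not path.startswith("/") or path.startswith("//") or "\\" in path:
        raise ValueError("path must be a single-slash absolute path")
    return CANONICAL_ORIGIN + path
```

Requests rejected by `safe_absolute_url` are worth logging with the offending Host value, since unexpected Host headers are a useful detection signal for this class of issue.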

Details

CVE ID: CVE-2026-34442
Severity: Medium
CVSS Score: 5.4
Type: open_redirect
Status: confirmed

CWE

  • CWE-20
  • CWE-601

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N