CVE-2026-45294NVD

Vulnerability Summary

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.219, the password reset endpoint returns visually distinct responses depending on whether the submitted email address belongs to an existing user account, allowing unauthenticated attackers to enumerate valid helpdesk agent email addresses. This vulnerability is fixed in 1.8.219.

Severity Level

MEDIUM(5.3)

Published Date

May 29, 2026

Last Modified

Jun 2, 2026

Exploitation Status

UNKNOWN

Root Weakness (CWE)

CWE-203: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

EPSS Score (30-Day)

0.05%Probability

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityLow

IntegrityNone

AvailabilityNone

External References

https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-jvmv-2qcp-7855
https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-jvmv-2qcp-7855