Vulnerability in Freescout-help-desk Freescout
CVE-2026-45294
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.219, the password reset endpoint returns visually distinct responses depending on whether the submitted email address belongs to an existing us…
EPSS: 0.001 (16.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.
Affected products
- Freescout-help-desk Freescout — versions < 1.8.219
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2026-45294?
- CVE-2026-45294 is a medium-severity vulnerability in Freescout-help-desk Freescout, classified under Observable Discrepancy. CVSS score: 5.3/10. Published 2026-05-29.
- How severe is CVE-2026-45294?
- Medium severity. CVSS v3 base score is 5.3 out of 10.