Medium severity5.3NVD Advisory· Published May 29, 2026· Updated Jun 2, 2026
CVE-2026-45294
CVE-2026-45294
Description
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.219, the password reset endpoint returns visually distinct responses depending on whether the submitted email address belongs to an existing user account, allowing unauthenticated attackers to enumerate valid helpdesk agent email addresses. This vulnerability is fixed in 1.8.219.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1News mentions
1- FreeScout: Four Medium-to-High Severity Flaws Disclosed in a Single BatchVypr Intelligence · May 29, 2026