CVE-2026-26957 in libredeskinfo

Zusammenfassung

von MITRE • 20.02.2026

Libredesk is a self-hosted customer support desk application. Versions prior to 1.0.2-0.20260215211005-727213631ce6 fail to validate destination URLs for webhooks, allowing an attacker posing as an authenticated "Application Admin" to force the server to make HTTP requests to arbitrary internal destinations. This could compromise the underlying cloud infrastructure or internal corporate network where the service is hosted. This issue has been fixed in version 1.0.2-0.20260215211005-727213631ce6.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

GitHub M

Reservieren

16.02.2026

Veröffentlichung

20.02.2026

Moderieren

akzeptiert

Eintrag

VDB-347024

CPE

bereit

CWE

CWE-209 (bestätigt)

CVSS

6.5 (VulDB)

EPSS

0.00061

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-26957
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-26957
CVE Details	https://www.cvedetails.com/cve/CVE-2026-26957/

◂ Zurück Übersicht Weiter ▸

Might our Artificial Intelligence support you?

Check our Alexa App!