CVE-2026-26957 in libredeskinformación

Resumen

por MITRE • 2026-02-20

Libredesk is a self-hosted customer support desk application. Versions prior to 1.0.2-0.20260215211005-727213631ce6 fail to validate destination URLs for webhooks, allowing an attacker posing as an authenticated "Application Admin" to force the server to make HTTP requests to arbitrary internal destinations. This could compromise the underlying cloud infrastructure or internal corporate network where the service is hosted. This issue has been fixed in version 1.0.2-0.20260215211005-727213631ce6.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

GitHub M

Reservar

2026-02-16

Divulgación

2026-02-20

Moderación

aceptado

Artículo

VDB-347024

CPE

listo

CWE

CWE-209 (confirmado)

CVSS

6.5 (VulDB)

EPSS

0.00061

KEV

Actividades

muy bajo

Fuentes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-26957
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-26957
CVE Details	https://www.cvedetails.com/cve/CVE-2026-26957/

◂ Anterior Visión De Conjunto Próximo ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!