PT-2026-29375 · Laravel+1
Kodareef5 · Published 2026-03-31 · Updated 2026-04-01 · CVE-2026-34443
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
FreeScout versions prior to 1.8.211
Description
FreeScout, a help desk and shared inbox built with Laravel, has an issue in the checkIpByMask() function within app/Misc/Helper.php. The function validates IP addresses incorrectly and fails to check CIDR ranges properly. Specifically, it only checks for the presence of a '/' character, which standard IP addresses do not contain, so it always returns false. This leaves the 10.0.0.0/8 and 172.16.0.0/12 private IP ranges unprotected.
Recommendations
Update to version 1.8.211 or later.
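The checkIpByMask() flaw described above, reduced to a sketch beside a corrected IPv4 CIDR match. This is an added example, not FreeScout's code or its patch; the function names `flawedIpInMask` and `ipInCidr`, the sample addresses, and the use of 64-bit PHP are assumptions.

```php
<?php
// Added illustration; names and sample addresses are constructed, not FreeScout's.
// Assumes 64-bit PHP, where ip2long() returns a non-negative integer.

// Corrected IPv4 match: parse the CIDR range, then compare network bits.
function ipInCidr(string $ip, string $cidr): bool
{
    $parts = explode('/', $cidr, 2);
    if (count($parts) !== 2 || !preg_match('/^\d{1,2}$/', $parts[1])) {
        return false;                       // not in "network/prefix" form
    }
    $bits = (int) $parts[1];
    if ($bits > 32
        || filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false
        || filter_var($parts[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return false;                       // malformed address or prefix
    }
    $mask = $bits === 0 ? 0 : (~0 << (32 - $bits)) & 0xFFFFFFFF;
    return (ip2long($ip) & $mask) === (ip2long($parts[0]) & $mask);
}

// Flawed pattern as the advisory describes it: the '/' test is applied to the
// address being checked, which never contains one, so the result is always false.
function flawedIpInMask(string $ip, string $mask): bool
{
    if (strpos($ip, '/') === false) {
        return false;                       // taken for every plain address
    }
    return ipInCidr($ip, $mask);            // never reached for a plain address
}

$ranges  = ['10.0.0.0/8', '172.16.0.0/12']; // ranges named in the advisory
$samples = ['10.1.2.3', '172.20.0.5', '172.32.0.1', '203.0.113.10'];

foreach ($samples as $ip) {
    $flawed = $fixed = false;
    foreach ($ranges as $range) {
        $flawed = $flawed || flawedIpInMask($ip, $range);
        $fixed  = $fixed  || ipInCidr($ip, $range);
    }
    printf("%-13s flawed=%-5s corrected=%s\n", $ip,
        var_export($flawed, true), var_export($fixed, true));
}
```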
Exploit
Fix
SSRF
Weakness Enumeration
Related Identifiers
Affected Products
FreeScout
Laravel