CVE-2026-26957

Published: Feb 19, 2026

Modified: Feb 20, 2026

PUBLISHED

Description

Libredesk is a self-hosted customer support desk application. Versions prior to 1.0.2-0.20260215211005-727213631ce6 fail to validate destination URLs for webhooks, allowing an attacker posing as an authenticated "Application Admin" to force the server to make HTTP requests to arbitrary internal destinations. This could compromise the underlying cloud infrastructure or internal corporate network where the service is hosted. This issue has been fixed in version 1.0.2-0.20260215211005-727213631ce6.

Vendor: abhinavxd

Product: github.com/abhinavxd/libredesk

Versions: affected < 1.0.2-0.20260215211005-727213631ce6

Weaknesses (CWE)