Search criteria
2 vulnerabilities by abhinavxd
CVE-2026-26957 (GCVE-0-2026-26957)
Vulnerability from cvelistv5 – Published: 2026-02-19 23:30 – Updated: 2026-02-20 15:36
VLAI?
Title
Libredesk has an SSRF Vulnerability via Webhooks
Summary
Libredesk is a self-hosted customer support desk application. Versions prior to 1.0.2-0.20260215211005-727213631ce6 fail to validate destination URLs for webhooks, allowing an attacker posing as an authenticated "Application Admin" to force the server to make HTTP requests to arbitrary internal destinations. This could compromise the underlying cloud infrastructure or internal corporate network where the service is hosted. This issue has been fixed in version 1.0.2-0.20260215211005-727213631ce6.
Severity ?
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| abhinavxd | github.com/abhinavxd/libredesk |
Affected:
< 1.0.2-0.20260215211005-727213631ce6
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26957",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-20T15:31:49.605498Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T15:36:49.120Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "github.com/abhinavxd/libredesk",
"vendor": "abhinavxd",
"versions": [
{
"status": "affected",
"version": "\u003c 1.0.2-0.20260215211005-727213631ce6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Libredesk is a self-hosted customer support desk application. Versions prior to 1.0.2-0.20260215211005-727213631ce6 fail to validate destination URLs for webhooks, allowing an attacker posing as an authenticated \"Application Admin\" to force the server to make HTTP requests to arbitrary internal destinations. This could compromise the underlying cloud infrastructure or internal corporate network where the service is hosted. This issue has been fixed in version 1.0.2-0.20260215211005-727213631ce6."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209: Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T23:30:48.166Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/abhinavxd/libredesk/security/advisories/GHSA-wgm6-9rvv-3438",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/abhinavxd/libredesk/security/advisories/GHSA-wgm6-9rvv-3438"
},
{
"name": "https://github.com/abhinavxd/libredesk/commit/727213631ce6a36bcb06f50ce542155e78f51316",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/abhinavxd/libredesk/commit/727213631ce6a36bcb06f50ce542155e78f51316"
}
],
"source": {
"advisory": "GHSA-wgm6-9rvv-3438",
"discovery": "UNKNOWN"
},
"title": "Libredesk has an SSRF Vulnerability via Webhooks"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-26957",
"datePublished": "2026-02-19T23:30:48.166Z",
"dateReserved": "2026-02-16T22:20:28.611Z",
"dateUpdated": "2026-02-20T15:36:49.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68927 (GCVE-0-2025-68927)
Vulnerability from cvelistv5 – Published: 2025-12-27 00:04 – Updated: 2025-12-29 16:51
VLAI?
Title
Improper Neutralization of HTML Tags in a Web Page in libredesk
Summary
Libredesk is a self-hosted customer support desk. Prior to version 0.8.6-beta, LibreDesk is vulnerable to stored HTML injection in the contact notes feature. When adding notes via POST /api/v1/contacts/{id}/notes, the backend automatically wraps user input in <p> tags. However, by intercepting the request and removing the <p> tag, an attacker can inject arbitrary HTML elements such as forms and images, which are then stored and rendered without proper sanitization. This can lead to phishing, CSRF-style forced actions, and UI redress attacks. This issue has been patched in version 0.8.6-beta.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68927",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-29T16:43:28.357109Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-29T16:51:24.522Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/abhinavxd/libredesk/security/advisories/GHSA-wh6m-h6f4-rjf4"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libredesk",
"vendor": "abhinavxd",
"versions": [
{
"status": "affected",
"version": "\u003c 0.8.6-beta"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Libredesk is a self-hosted customer support desk. Prior to version 0.8.6-beta, LibreDesk is vulnerable to stored HTML injection in the contact notes feature. When adding notes via POST /api/v1/contacts/{id}/notes, the backend automatically wraps user input in \u003cp\u003e tags. However, by intercepting the request and removing the \u003cp\u003e tag, an attacker can inject arbitrary HTML elements such as forms and images, which are then stored and rendered without proper sanitization. This can lead to phishing, CSRF-style forced actions, and UI redress attacks. This issue has been patched in version 0.8.6-beta."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-27T00:04:49.621Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/abhinavxd/libredesk/security/advisories/GHSA-wh6m-h6f4-rjf4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/abhinavxd/libredesk/security/advisories/GHSA-wh6m-h6f4-rjf4"
},
{
"name": "https://github.com/abhinavxd/libredesk/commit/270347849943ac6a43e9fd6ebdc99c71841900eb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/abhinavxd/libredesk/commit/270347849943ac6a43e9fd6ebdc99c71841900eb"
}
],
"source": {
"advisory": "GHSA-wh6m-h6f4-rjf4",
"discovery": "UNKNOWN"
},
"title": "Improper Neutralization of HTML Tags in a Web Page in libredesk"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-68927",
"datePublished": "2025-12-27T00:04:49.621Z",
"dateReserved": "2025-12-24T23:40:31.797Z",
"dateUpdated": "2025-12-29T16:51:24.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}