CVE-2026-26957

UNKNOWN 0.0

Libredesk has an SSRF Vulnerability via Webhooks

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Libredesk is a self-hosted customer support desk application. Versions prior to 1.0.2-0.20260215211005-727213631ce6 fail to validate destination URLs for webhooks, allowing an attacker posing as an authenticated "Application Admin" to force the server to make HTTP requests to arbitrary internal destinations. This could compromise the underlying cloud infrastructure or internal corporate network where the service is hosted. This issue has been fixed in version 1.0.2-0.20260215211005-727213631ce6.

CWE	CWE-209 CWE-918
Vendor	abhinavxd
Product	github.com/abhinavxd/libredesk
Published	Feb 19, 2026
Last Updated	Feb 20, 2026

Stay Ahead of the Next One

Get instant alerts for abhinavxd github.com/abhinavxd/libredesk

Be the first to know when new unknown vulnerabilities affecting abhinavxd github.com/abhinavxd/libredesk are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

abhinavxd / github.com/abhinavxd/libredesk

< 1.0.2-0.20260215211005-727213631ce6

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/abhinavxd/libredesk/security/advisories/GHSA-wgm6-9rvv-3438 github.com: https://github.com/abhinavxd/libredesk/commit/727213631ce6a36bcb06f50ce542155e78f51316