CVE-2026-35584

MEDIUM

FreeScout <1.8.212 Open Tracking Endpoint - Insecure Direct Object Reference


Exploitation Summary

EIP tracks 4 public exploits for CVE-2026-35584. PoCs published by adminlove520, NovaisLeonardo, spoo1k.

AI-analyzed exploit summary: The repository provides a detailed technical analysis of CVE-2026-35584, an IDOR vulnerability in FreeScout 1.8.211. It explains how unauthenticated attackers can manipulate thread read statuses and enumerate valid thread IDs due to missing validation between conversation_id and thread_id.

Description

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, the endpoint GET /thread/read/{conversation_id}/{thread_id} does not require authentication and does not validate whether the given thread_id belongs to the given conversation_id. This allows any unauthenticated attacker to mark any thread as read by passing arbitrary IDs, enumerate valid thread IDs via HTTP response codes (200 vs 404), and manipulate opened_at timestamps across conversations (IDOR). This vulnerability is fixed in 1.8.212.
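The two defects named above (no authentication, no check that the thread belongs to the conversation) shown as a weak route beside a hardened one. This is an added illustration in plain Laravel, not FreeScout's own code; the model names Conversation and Thread, the opened_at column and the 'view' policy ability are assumptions.

```php
<?php
// Added illustration, not FreeScout's code. Model, policy and column names
// (Conversation, Thread, opened_at, 'view' ability) are assumptions.

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;

// Weak pattern: public route, thread looked up by id alone. Any caller can
// mark any thread read, and the 200/404 difference reveals which ids exist.
Route::get('/thread/read/{conversation_id}/{thread_id}', function ($conversationId, $threadId) {
    $thread = Thread::findOrFail($threadId);   // conversation_id is never used
    $thread->opened_at = now();
    $thread->save();
    return response('', 200);
});

// Hardened pattern:
//  1. the auth middleware rejects anonymous callers before any lookup;
//  2. the caller must be allowed to view the conversation (policy check);
//  3. the thread lookup is scoped to that conversation, so a thread id from
//     another conversation is indistinguishable from a non-existent one
//     (404 either way), which also removes the enumeration oracle.
Route::middleware('auth')->get('/thread/read/{conversation_id}/{thread_id}',
    function (Request $request, int $conversationId, int $threadId) {
        $conversation = Conversation::findOrFail($conversationId);
        if (!$request->user()->can('view', $conversation)) {
            abort(404); // same status as "not found": no hint that the id exists
        }

        $thread = Thread::where('id', $threadId)
            ->where('conversation_id', $conversation->id)
            ->firstOrFail();

        $thread->opened_at = now();
        $thread->save();

        return response()->noContent(); // 204, nothing to leak in the body
    }
)->where(['conversation_id' => '[0-9]+', 'thread_id' => '[0-9]+']);
```

The route constraints at the end reject non-numeric ids before the handler runs, so malformed ids never reach the database layer.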

Exploits (4)

nomisec WRITEUP
by NovaisLeonardo · poc
https://github.com/NovaisLeonardo/CVE-2026-35584

The repository provides a detailed technical analysis of CVE-2026-35584, an IDOR vulnerability in FreeScout 1.8.211. It explains how unauthenticated attackers can manipulate thread read statuses and enumerate valid thread IDs due to missing validation between conversation_id and thread_id.

Classification
Writeup 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: FreeScout 1.8.211
No auth needed
Prerequisites: access to the target FreeScout instance
devstral-2 · analyzed Apr 19, 2026

nomisec WRITEUP
by spoo1k · poc
https://github.com/spoo1k/CVE-2026-35584

The repository provides a detailed technical analysis of CVE-2026-35584, an IDOR vulnerability in FreeScout 1.8.211. It explains how unauthenticated attackers can manipulate thread read statuses and enumerate valid thread IDs due to missing validation between conversation_id and thread_id.

Classification
Writeup 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: FreeScout 1.8.211
No auth needed
Prerequisites: access to the target FreeScout instance
devstral-2 · analyzed Apr 15, 2026

nomisec WRITEUP
by LeonardoNovais7 · poc
https://github.com/LeonardoNovais7/CVE-2026-35584

This repository provides a detailed technical analysis of CVE-2026-35584, an IDOR vulnerability in an unspecified software's thread endpoint. It includes steps to reproduce, impact analysis, and a suggested fix, but lacks functional exploit code.

Classification
Writeup 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Unspecified software version 1.8.211
No auth needed
Prerequisites: Access to the target endpoint · Valid thread and conversation IDs
devstral-2 · analyzed Apr 10, 2026


Scores

CVSS v3 6.5
EPSS 0.0030
EPSS Percentile 21.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-306 CWE-639
Status published
Products (2)
freescout/freescout < 1.8.212
freescout-help-desk/freescout < 1.8.212
Published Apr 07, 2026
Tracked Since Apr 07, 2026