{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T15:44:28.678","vulnerabilities":[{"cve":{"id":"CVE-2026-27637","sourceIdentifier":"security-advisories@github.com","published":"2026-02-25T04:16:04.110","lastModified":"2026-02-26T16:08:44.857","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's `TokenAuth` middleware uses a predictable authentication token computed as `MD5(user_id + created_at + APP_KEY)`. This token is static (never expires/rotates), and if an attacker obtains the `APP_KEY` — a well-documented and common exposure vector in Laravel applications — they can compute a valid token for any user, including the administrator, achieving full account takeover without any password. This vulnerability can be exploited on its own or in combination with CVE-2026-27636. Version 1.8.206 fixes both vulnerabilities."},{"lang":"es","value":"FreeScout es un servicio de asistencia técnica gratuito y un buzón compartido creado con el marco Laravel de PHP. Antes de la versión 1.8.206, el middleware 'TokenAuth' de FreeScout utiliza un token de autenticación predecible calculado como 'MD5(user_id + created_at + APP_KEY)'. Este token es estático (nunca expira/rota), y si un atacante obtiene la 'APP_KEY' — un vector de exposición bien documentado y común en aplicaciones Laravel — pueden calcular un token válido para cualquier usuario, incluido el administrador, logrando una toma de control total de la cuenta sin ninguna contraseña. Esta vulnerabilidad puede ser explotada por sí misma o en combinación con CVE-2026-27636. La versión 1.8.206 corrige ambas vulnerabilidades."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-330"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:freescout:freescout:*:*:*:*:*:*:*:*","versionEndExcluding":"1.8.206","matchCriteriaId":"79CA8F5D-FF18-4F10-A6AF-3DBED9542088"}]}]}],"references":[{"url":"https://github.com/freescout-help-desk/freescout/commit/004a8231f6e413af1d4680930b0e2342fd4283f9","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-6gcm-v8xf-j9v9","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-mw88-x7j3-74vc","source":"security-advisories@github.com","tags":["Not Applicable"]},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-6gcm-v8xf-j9v9","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-mw88-x7j3-74vc","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Not Applicable"]}]}}]}