3 matches found
CVE-2026-40589 FreeScout has Customer Edit Cross-Mailbox Email Takeover
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, a low-privileged agent can edit a visible customer and add an email address already owned by a hidden customer in another mailbox. The server discloses the hidden customer’s name and profile URL in the success...
CVE-2026-40589
Product affected: FreeScout (self-hosted help desk). Vulnerability: Prior to 1.8.214, a low-privileged agent can edit a visible customer and assign an email owned by a hidden customer in another mailbox. The server reveals the hidden customer’s name and profile URL in the success flash, reassigns...
CVE-2026-40589 FreeScout has Customer Edit Cross-Mailbox Email Takeover
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, a low-privileged agent can edit a visible customer and add an email address already owned by a hidden customer in another mailbox. The server discloses the hidden customer’s name and profile URL in the success...