Lucene search
K

7 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/21 5:4 p.m.3 views

CVE-2026-41189

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, customer-thread editing is authorized through ThreadPolicy::edit, which checks mailbox access but does not apply the assigned-only restriction from ConversationPolicy. A user who cannot view a conversation can...

7.1CVSS5.8AI score0.00223EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/21 5:4 p.m.3 views

CVE-2026-41189 FreeScout has assigned-only visibility bypass that allows editing hidden customer-authored threads

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, customer-thread editing is authorized through ThreadPolicy::edit, which checks mailbox access but does not apply the assigned-only restriction from ConversationPolicy. A user who cannot view a conversation can...

7.1CVSS5.8AI score0.00223EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/21 5:4 p.m.4 views

EUVD-2026-24193

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, customer-thread editing is authorized through ThreadPolicy::edit, which checks mailbox access but does not apply the assigned-only restriction from ConversationPolicy. A user who cannot view a conversation can...

7.1CVSS5.8AI score0.00223EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/21 5:4 p.m.32 views

CVE-2026-41189 FreeScout has assigned-only visibility bypass that allows editing hidden customer-authored threads

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, customer-thread editing is authorized through ThreadPolicy::edit, which checks mailbox access but does not apply the assigned-only restriction from ConversationPolicy. A user who cannot view a conversation can...

7.1CVSS0.00223EPSS
Exploits0References3
CVE
CVE
added 2026/04/21 5:4 p.m.12 views

CVE-2026-41189

FreeScout prior to 1.8.215 is vulnerable: customer-thread editing bypasses the assigned-only visibility due to ThreadPolicy::edit() not enforcing ConversationPolicy restrictions, allowing a user who cannot view a conversation to load and edit hidden customer-authored threads. The issue is address...

7.1CVSS5.8AI score0.00223EPSS
Exploits0References3
OSV
OSV
added 2026/04/21 5:4 p.m.3 views

CVE-2026-41189 FreeScout has assigned-only visibility bypass that allows editing hidden customer-authored threads

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, customer-thread editing is authorized through ThreadPolicy::edit, which checks mailbox access but does not apply the assigned-only restriction from ConversationPolicy. A user who cannot view a conversation can...

7.1CVSS6AI score0.00223EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.15 views

PT-2026-34029

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, customer-thread editing is authorized through ThreadPolicy::edit, which checks mailbox access but does not apply the assigned-only restriction from ConversationPolicy. A user who cannot view a conversation can...

7.1CVSS5.8AI score0.00223EPSS
Exploits0References5
Rows per page
Query Builder