3 matches found
CVE-2026-40498
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can access diagnostic and system tools that should be restricted to administrators. The /system/cron endpoint relies on a static MD5 hash derived from the APPKEY, which is exposed i...
CVE-2026-40496
CVE-2026-40496 affects FreeScout prior to version 1.8.213, where attachment download tokens were created with a weak formula: md5(APP_KEY + attachment_id + size). Because attachment_id is sequential and size brute-forcible, an unauthenticated attacker can forge valid tokens and download private a...
PT-2026-34020
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the load customer info action in POST /conversation/ajax returns complete customer profile data to any authenticated user without verifying mailbox access. An attacker only needs a valid email address to...