2 matches found
CVE-2026-41190
creationtimestamp| type| source ---|---|--- 2026-04-21 19:26:03+00:00| seen| Telegram/5jFlrKy1YlFFC2zo3JzgQk5Ry2crUJcwyAKkfj888Y7MPt0...
CVE-2026-41190 FreeScout has assigned-only visibility bypass via save_draft that allows hidden conversation draft injection
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, when APPSHOWONLYASSIGNEDCONVERSATIONS is enabled, direct conversation view correctly blocks users who are neither the assignee nor the creator. The savedraft AJAX path is weaker. A direct POST can create a dra...