freescout-help-desk

Top products

The 15 most recently published vulnerabilities affecting freescout-help-desk.

• CVE-2026-45294FreeScout: User Account Enumeration via Password Reset Response Differentiation5.3May 29, 2026
• CVE-2026-47123FreeScout: Agent Impersonation via Missing HMAC Verification on Notification Reply Message-ID Path7.5May 29, 2026
• CVE-2026-48810FreeScout: Thread Edit Authorization Bypass via Missing Mailbox Check4.3May 29, 2026
• CVE-2026-48811FreeScout: Thread Deletion Bypasses Mailbox Access Revocation4.3May 29, 2026
• CVE-2026-41906FreeScout: Conversation Change-Customer Cross-Mailbox Authorization Bypass7.1May 7, 2026
• CVE-2026-41905FreeScout vulnerable to SSRF via Helper::sanitizeRemoteUrl: redirect destination not re-validated, allowing internal HTTP / cloud-metadata access7.7May 7, 2026
• CVE-2026-41904FreeScout Stored XSS vulnerability in mailbox auto-reply: payload reaches every customer's email client (no CSP), bypassing strip_tags validator with mixed text+HTML content7.6May 7, 2026
• CVE-2026-41902FreeScout's user invitation hash never expires: permanent unauthenticated account takeover if invite link leaks9.1May 7, 2026
• CVE-2026-41903FreeScout IDOR Vulnerability: PERM_EDIT_USERS allows modifying any user's notification subscriptions (incomplete fix of CVE-2025-48472)5.4May 7, 2026
• CVE-2026-41194FreeScout's Mailbox OAuth disconnect uses a state-changing GET and is CSRFable5.4Apr 21, 2026
• CVE-2026-41193FreeScout has Zip Slip path traversal in module installation that allows arbitrary file write leading to RCE9.1Apr 21, 2026
• CVE-2026-41192FreeScout's client-controlled attachment IDs allow deletion of existing conversation attachments7.1Apr 21, 2026
• CVE-2026-41191FreeScout's signature only mailbox permission allows unauthorized mailbox chat setting changes7.1Apr 21, 2026
• CVE-2026-41190FreeScout has assigned-only visibility bypass via save_draft that allows hidden conversation draft injection7.1Apr 21, 2026
• CVE-2026-41189FreeScout has assigned-only visibility bypass that allows editing hidden customer-authored threads7.1Apr 21, 2026