Critical Vulnerabilities in FreeScout Help Desk Allow Remote Code Execution
Critical vulnerabilities, CVE-2026-27636 and CVE-2026-27637, exist in FreeScout Help Desk that could be exploited to achieve remote code execution, potentially leading to data exfiltration and system compromise.
FreeScout, a popular open-source help desk solution, is affected by two critical vulnerabilities, CVE-2026-27636 and CVE-2026-27637. Disclosed in February 2026, these vulnerabilities can be exploited independently or chained to achieve remote code execution. CVE-2026-27636 stems from insufficient file upload restrictions, while CVE-2026-27637 relates to predictable authentication tokens. Successful exploitation allows attackers to execute arbitrary system commands, read/write files, pivot to…
Detection coverage 2
Detect .htaccess File Uploads
highDetects the creation of .htaccess files, which could indicate exploitation of CVE-2026-27636
Detect .user.ini File Uploads
highDetects the creation of .user.ini files, which could indicate exploitation of CVE-2026-27636
Detection queries are kept inside the platform. Get full rules →