{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-40589/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.6,"id":"CVE-2026-40589"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["privilege-escalation","cve-2026-40589","freescout"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eFreeScout is a self-hosted help desk and shared mailbox system. Versions prior to 1.8.214 contain an authorization flaw, tracked as CVE-2026-40589 (CVSS 7.6), that lets a low-privileged agent escalate their effective access by manipulating customer records. Specifically, an agent can edit a visible customer\u0026rsquo;s profile and add an email address that already belongs to a hidden customer, one whose conversations live in a mailbox the agent is not a member of. The server does not check whether the agent is allowed to see the current owner of that address. It discloses the hidden customer\u0026rsquo;s name and profile URL in the success flash message, reassigns the email address to the visible customer, and rebinds every conversation in the hidden mailbox tied to that address to the visible customer, so the agent can read them through a customer they already have access to. The flaw was fixed in version 1.8.214. Organizations running affected versions are exposed to unauthorized access to customer identities and conversation history across mailbox boundaries.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eA low-privileged agent logs into the FreeScout instance.\u003c/li\u003e\n\u003cli\u003eThe agent selects a visible customer within a mailbox they are assigned to.\u003c/li\u003e\n\u003cli\u003eThe agent opens the visible customer\u0026rsquo;s profile for editing.\u003c/li\u003e\n\u003cli\u003eThe agent adds an email address that is already associated with a hidden customer in another mailbox, one the agent would normally have no access to.\u003c/li\u003e\n\u003cli\u003eThe server accepts the request: it does not verify that the agent may access the customer currently holding that address before reassigning it.\u003c/li\u003e\n\u003cli\u003eThe success flash message discloses the hidden customer\u0026rsquo;s name and profile URL to the agent, confirming that the address belonged to a customer the agent could not otherwise see.\u003c/li\u003e\n\u003cli\u003eThe server reassigns the email address from the hidden customer to the visible customer in the database.\u003c/li\u003e\n\u003cli\u003eAll conversations previously bound to the hidden customer through that address are rebound to the visible customer and become readable to the agent through that customer\u0026rsquo;s profile, giving unauthorized access to the conversations.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-40589 breaches both confidentiality and integrity of a FreeScout instance. A low-privileged agent can read customer data they are not authorized for, including names, profile URLs and entire conversation histories, and the reassignment corrupts customer records by moving another customer\u0026rsquo;s address and conversations onto the wrong profile. This can result in the compromise of customer privacy, regulatory violations and damage to the organization\u0026rsquo;s reputation. The exposure grows with the number of mailboxes whose agent membership does not overlap: any customer whose conversations are confined to a mailbox the agent cannot see is a potential target.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade FreeScout to version 1.8.214 or later to remediate CVE-2026-40589.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;FreeScout Hidden Customer Data Disclosure\u0026rdquo; to detect exploitation attempts in web server logs.\u003c/li\u003e\n\u003cli\u003eMonitor FreeScout application logs for customer profile edits that add an email address already bound to another customer, particularly when that customer\u0026rsquo;s conversations sit in a mailbox the editing agent is not a member of.\u003c/li\u003e\n\u003cli\u003eAfter upgrading, review customer records for email addresses that moved between customers while an affected version was in use, and restore conversations that were rebound as a result.\u003c/li\u003e\n\u003cli\u003eRestrict agent accounts to the mailboxes they need so that a compromised or malicious agent account has as little reach as possible.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-22T12:00:00Z","date_published":"2026-04-22T12:00:00Z","id":"/briefs/2026-04-freescout-privesc/","summary":"FreeScout versions before 1.8.214 are vulnerable to privilege escalation, allowing a low-privileged agent to reassign email addresses from hidden customers to visible customers, leading to information disclosure and unauthorized access to conversations.","title":"FreeScout Privilege Escalation via Email Address Reassignment (CVE-2026-40589)","url":"https://feed.craftedsignal.io/briefs/2026-04-freescout-privesc/"}],"language":"en","title":"CraftedSignal Threat Feed — CVE-2026-40589","version":"https://jsonfeed.org/version/1.1"}
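Worked example for the attack chain and the access-control recommendation in the brief above. This is an added Python model written for this page, not FreeScout's code: the customer, conversation and mailbox-membership structures, the `/customers/<id>/` profile URL form, the flash-message wording and the sample data are all constructed assumptions. It shows the pre-fix handler leaking the hidden customer and rebinding their conversations onto a customer the agent can open, and a hardened handler that checks the agent's visibility of the address's current owner before moving anything.

```python
"""Constructed model of the CVE-2026-40589 logic flaw and a hardened variant.

Example code for this brief, not FreeScout's implementation. Data model,
URL form, messages and sample records are assumptions for illustration.
"""
from dataclasses import dataclass


@dataclass
class Customer:
    id: int
    name: str
    emails: set


@dataclass
class Conversation:
    id: int
    mailbox_id: int
    customer_id: int
    customer_email: str


class HelpDesk:
    def __init__(self, customers, conversations, mailbox_members):
        self.customers = {c.id: c for c in customers}
        self.conversations = {c.id: c for c in conversations}
        # mailbox_id -> set of agent ids who are members of that mailbox (assumed model)
        self.mailbox_members = mailbox_members

    def owner_of(self, email):
        """Customer currently holding this address, or None."""
        return next((c for c in self.customers.values() if email in c.emails), None)

    def agent_can_see(self, agent_id, customer_id):
        """An agent sees a customer only via conversations in mailboxes the agent belongs to."""
        return any(
            conv.customer_id == customer_id
            and agent_id in self.mailbox_members.get(conv.mailbox_id, set())
            for conv in self.conversations.values()
        )

    def conversations_visible_via(self, agent_id, customer_id):
        """Conversation ids the agent can read by opening this customer's profile."""
        if not self.agent_can_see(agent_id, customer_id):
            return set()
        return {c.id for c in self.conversations.values() if c.customer_id == customer_id}

    def _rebind(self, email, from_customer, to_customer):
        """Move the address and every conversation keyed on it to the target customer."""
        from_customer.emails.discard(email)
        to_customer.emails.add(email)
        for conv in self.conversations.values():
            if conv.customer_email == email:
                conv.customer_id = to_customer.id

    def add_email_vulnerable(self, agent_id, customer_id, email):
        """Pre-fix behaviour: only the target customer is access-checked, not the address owner."""
        target = self.customers[customer_id]
        if not self.agent_can_see(agent_id, target.id):
            raise PermissionError("customer not accessible")
        other = self.owner_of(email)
        if other is None or other.id == target.id:
            target.emails.add(email)
            return "Customer updated"
        self._rebind(email, other, target)
        # The flash message leaks the hidden customer's name and profile URL.
        return f"Email moved from {other.name} (/customers/{other.id}/) to {target.name}"

    def add_email_fixed(self, agent_id, customer_id, email):
        """Hardened: the agent must also be allowed to see the address's current owner."""
        target = self.customers[customer_id]
        if not self.agent_can_see(agent_id, target.id):
            raise PermissionError("customer not accessible")
        other = self.owner_of(email)
        if other is None or other.id == target.id:
            target.emails.add(email)
            return "Customer updated"
        if not self.agent_can_see(agent_id, other.id):
            # Generic refusal: no name, no URL, and no state change.
            raise PermissionError("email address cannot be added")
        self._rebind(email, other, target)
        return f"Email moved from {other.name} to {target.name}"


def build_sample():
    """Constructed data: agent 7 works mailbox 1 only; customers 2 and 3 exist only in mailbox 2."""
    customers = [
        Customer(1, "Alice Visible", {"alice@example.com"}),
        Customer(2, "Hidden Harry", {"harry@example.net"}),
        Customer(3, "Carol Colleague", {"carol@example.net"}),
    ]
    conversations = [
        Conversation(100, 1, 1, "alice@example.com"),
        Conversation(200, 2, 2, "harry@example.net"),
        Conversation(201, 2, 2, "harry@example.net"),
        Conversation(202, 2, 3, "carol@example.net"),
    ]
    return HelpDesk(customers, conversations, {1: {7}, 2: {9}})


def demo_vulnerable():
    """Agent 7 pulls Harry's address onto Alice and now reads Harry's conversations."""
    hd = build_sample()
    flash = hd.add_email_vulnerable(7, 1, "harry@example.net")
    return flash, hd.conversations_visible_via(7, 1)


def demo_fixed():
    """Same attempt is refused; a merge between two customers agent 9 can see still works."""
    hd = build_sample()
    try:
        hd.add_email_fixed(7, 1, "harry@example.net")
        outcome = "allowed"
    except PermissionError as exc:
        outcome = str(exc)
    merge = hd.add_email_fixed(9, 2, "carol@example.net")
    return outcome, hd.conversations_visible_via(7, 1), merge


if __name__ == "__main__":
    print(demo_vulnerable())
    print(demo_fixed())
```

The hardened refusal is deliberately generic and leaves the database untouched. A distinct refusal still tells the agent that the address is in use somewhere, so the rejected attempt should also be written to the application log to feed the monitoring step in the recommendations.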