Tag
FreeScout Privilege Escalation via Email Address Reassignment (CVE-2026-40589)
2 rules 1 TTP 1 CVE 1 IOCFreeScout versions before 1.8.214 are vulnerable to privilege escalation, allowing a low-privileged agent to reassign email addresses from hidden customers to visible customers, leading to information disclosure and unauthorized access to conversations.
FreeScout Mass Assignment Vulnerability (CVE-2026-40569)
2 rules 2 TTPs 1 CVEFreeScout versions prior to 1.8.213 contain a mass assignment vulnerability allowing authenticated admins to modify sensitive mailbox settings by injecting parameters into connection settings requests, leading to email exfiltration and account compromise.
FreeScout Incorrect Authorization Vulnerability (CVE-2026-41189)
2 rules 1 TTP 1 CVE 4 IOCsFreeScout versions before 1.8.215 are vulnerable to an incorrect authorization issue where users without conversation access can edit customer threads due to a flaw in the `ThreadPolicy::edit()` function.
FreeScout CSS Injection Vulnerability in Mailbox Signature Leads to Privilege Escalation (CVE-2026-40497)
2 rules 2 TTPs 1 CVEFreeScout versions prior to 1.8.213 are vulnerable to CSS injection via the mailbox signature, allowing an attacker with mailbox settings access to exfiltrate CSRF tokens and escalate privileges.
Critical Vulnerabilities in FreeScout Help Desk Allow Remote Code Execution
2 rules 2 TTPsCritical vulnerabilities, CVE-2026-27636 and CVE-2026-27637, exist in FreeScout Help Desk that could be exploited to achieve remote code execution, potentially leading to data exfiltration and system compromise.