Vendor
critical
advisory
FreeScout Arbitrary File Write via Crafted ZIP Upload (CVE-2026-41193)
2 rules 1 TTP 1 CVEFreeScout versions prior to 1.8.215 are vulnerable to arbitrary file write via a crafted ZIP archive uploaded by an authenticated administrator due to insufficient file path validation during module installation.
FreeScout
file-write
cve-2026-41193
zip-upload
2r
1t
1c
medium
advisory
FreeScout Unauthorized Attachment Deletion Vulnerability (CVE-2026-41192)
2 rules 1 CVEFreeScout versions prior to 1.8.215 are vulnerable to unauthorized attachment deletion, allowing a malicious mailbox peer to delete attachments by replaying encrypted attachment IDs in the `save_draft` flow.
FreeScout
attachment-deletion
cve-2026-41192
2r
1c
high
advisory
FreeScout Stored XSS Vulnerability in Mailbox Signatures (CVE-2026-40568)
2 rules 1 CVEA stored cross-site scripting (XSS) vulnerability exists in FreeScout versions prior to 1.8.213 within the mailbox signature feature due to an incomplete HTML tag blocklist and failure to remove event handler attributes.
FreeScout
xss
cve-2026-40568
web-application
2r
1c