
Freescout-Help-Desk Freescout vulnerabilities

62 known vulnerabilities affecting freescout-help-desk/freescout.

Total CVEs: 62
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 8, HIGH 24, MEDIUM 28, LOW 2

Vulnerabilities

Page 1 of 4
CVE-2026-27636 | P2 | HIGH | CVSS 8.8 | PoC | fixed in 1.8.207 | 2026-02-25
[HIGH] CWE-434: FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's file upload restriction list in `app/Misc/Helper.php` does not include `.htaccess` or `.user.ini` files. On Apache servers with `AllowOverride All` (a common configuration), an authenticated user can upload a `.htaccess` file to rede
Source: nvd
CVE-2025-54366 | P2 | HIGH | CVSS 8.8 | fixed in 1.8.186 | 2025-07-26
[HIGH] CWE-502: FreeScout is a lightweight free open source help desk and shared inbox built with PHP (Laravel framework). In versions 1.8.185 and below, there is a critical deserialization vulnerability in the /conversation/ajax endpoint that allows authenticated users with knowledge of the APP_KEY to achieve remote code execution. The vulnerability occurs when the
Source: nvd
CVE-2025-48471 | P2 | CRITICAL | CVSS 9.8 | fixed in 1.8.179 | 2025-05-29
[CRITICAL] CWE-434: FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, the application does not check or performs insufficient checking of files uploaded to the application. This allows files to be uploaded with the phtml and phar extensions, which can lead to remote code execution if the Apache web server is used. This issue has
Source: nvd
CVE-2025-58163 | P2 | HIGH | CVSS 8.8 | fixed in 1.8.186 | 2025-09-03
[HIGH] CWE-502: FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Versions 1.8.185 and earlier contain a deserialization of untrusted data vulnerability that allows authenticated attackers with knowledge of the application's APP_KEY to achieve remote code execution. The vulnerability is exploited via endpoint, e.g.: `/help/{mailbox_id}
Source: nvd
CVE-2026-41902 | P3 | CRITICAL | CVSS 9.1 | fixed in 1.8.217 | 2026-05-07
[CRITICAL] CWE-613: FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, the /user-setup/{hash} endpoint accepts a 60-character random invite_hash to set a new user's password. The endpoint performs no expiration check; the hash remains valid indefinitely until consumed. Combined with realistic hash-leakage scen
Source: nvd
CVE-2026-40498 | P3 | CRITICAL | CVSS 9.8 | fixed in 1.8.213 | 2026-04-21
[CRITICAL] CWE-200: FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can access diagnostic and system tools that should be restricted to administrators. The /system/cron endpoint relies on a static MD5 hash derived from the APP_KEY, which is exposed in the response and logs. Accessing these endpoints
Source: nvd
CVE-2025-48481 | P3 | CRITICAL | CVSS 9.8 | fixed in 1.8.180 | 2025-05-30
[CRITICAL] CWE-841: FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, an attacker with an unactivated email invitation containing invite_hash can exploit this vulnerability to self-activate their account, despite it being blocked or deleted, by leveraging the invitation link from the email to gain initial access to the account. T
Source: nvd
CVE-2026-40496 | P3 | CRITICAL | CVSS 9.1 | fixed in 1.8.213 | 2026-04-21
[CRITICAL] CWE-330: FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, attachment download tokens are generated using a weak and predictable formula: `md5(APP_KEY + attachment_id + size)`. Since attachment_id is sequential and size can be brute-forced in a small range, an unauthenticated attacker can forge valid tokens and downloa
Source: nvd
CVE-2025-48476 | P3 | HIGH | CVSS 8.8 | fixed in 1.8.180 | 2025-05-30
[HIGH] CWE-841: FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when adding and editing user records using the fill() method, there is no check for the absence of the password field in the data coming from the user, which leads to a mass-assignment vulnerability. As a result, a user with the right to edit other users of the syst
Source: nvd
CVE-2026-41193 | P3 | CRITICAL | CVSS 9.1 | fixed in 1.8.215 | 2026-04-21
[CRITICAL] CWE-22: FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, FreeScout's module installation feature extracts ZIP archives without validating file paths, allowing an authenticated admin to write files arbitrarily on the server filesystem via a specially crafted ZIP. Version 1.8.215 fixes the vulnerability.
Source: nvd
CVE-2026-32752 | P3 | HIGH | CVSS 8.1 | fixed in 1.8.209 | 2026-03-19
[HIGH] CWE-284: FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. In versions 1.8.208 and below, the ThreadPolicy::edit() method contains a broken access control vulnerability that allows any authenticated user (regardless of role or mailbox access) to read and modify all customer-created thread messages across all mailboxes. This fla
Source: nvd
CVE-2026-40569 | P3 | CRITICAL | CVSS 9.0 | fixed in 1.8.213 | 2026-04-21
[CRITICAL] CWE-284: FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a mass assignment vulnerability in the mailbox connection settings endpoints of FreeScout (`connectionIncomingSave()` at `app/Http/Controllers/MailboxesController.php:468` and `connectionOutgoingSave()` at line 398). Both methods pass `$request->all()` dire
Source: nvd
CVE-2025-48474 | P3 | HIGH | CVSS 8.1 | fixed in 1.8.180 | 2025-05-29
[HIGH] CWE-863: FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application incorrectly checks user access rights for conversations. Users with show_only_assigned_conversations enabled can assign themselves to an arbitrary conversation from the mailbox to which they have access, thereby bypassing the restriction on viewing
Source: nvd
CVE-2025-48472 | P3 | HIGH | CVSS 8.1 | fixed in 1.8.217 | 2025-05-29
[HIGH] CWE-863: FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, there is no check to ensure that the user is disabling notifications for the mailbox to which they already have access. Moreover, the code explicitly implements functionality that if the user does not have access to the mailbox, then after disabling (enabling) notif
Source: nvd
CVE-2025-48389 | P3 | HIGH | CVSS 7.2 | fixed in 1.8.178 | 2025-05-29
[HIGH] CWE-502: FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, FreeScout is vulnerable to deserialization of untrusted data due to insufficient validation. Through the set function, a string with a serialized object can be passed, and when getting an option through the get method, deserialization will occur, which will allow a
Source: nvd
CVE-2026-32754 | P3 | CRITICAL | CVSS 9.3 | fixed in 1.8.209 | 2026-03-19
[CRITICAL] CWE-79: FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Versions 1.8.208 and below are vulnerable to Stored Cross-Site Scripting (XSS) through FreeScout's email notification templates. Incoming email bodies are stored in the database without sanitization and rendered unescaped in outgoing email notifications using Blade's
Source: nvd
CVE-2025-48475 | P3 | HIGH | CVSS 8.1 | fixed in 1.8.180 | 2025-05-29
[HIGH] CWE-863: FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the System does not provide a check on which "clients" of the System an authorized user can view and edit, and which ones they cannot. As a result, an authorized user who does not have access to any of the existing mailboxes, as well as to any of the existing conve
Source: nvd
CVE-2026-40568 | P3 | HIGH | CVSS 8.5 | fixed in 1.8.213 | 2026-04-21
[HIGH] CWE-79: FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a stored cross-site scripting (XSS) vulnerability in the mailbox signature feature. The sanitization function `Helper::stripDangerousTags()` (`app/Misc/Helper.php:568`) uses an incomplete blocklist of only four HTML tags (`script`, `form`, `iframe`, `object`) a
Source: nvd
CVE-2025-48477 | P3 | HIGH | CVSS 8.1 | fixed in 1.8.180 | 2025-05-30
[HIGH] CWE-841: FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application's logic requires the user to perform a correct sequence of actions to implement a functional capability, but the application allows access to the functional capability without correctly completing one or more actions in the sequence. This leaves the
Source: nvd
CVE-2026-41905 | P3 | HIGH | CVSS 7.7 | fixed in 1.8.217 | 2026-05-07
[HIGH] CWE-918: FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl() in app/Misc/Helper.php follows HTTP redirects via curlGetLastRedirectedUrl() but then re-validates the original URL instead of the final redirect destination. An attacker who can supply any URL that passes the initial
Source: nvd