Platform: php
Component: freescout
Fixed in: 1.8.216
CVE-2026-41193 describes a Remote Code Execution (RCE) vulnerability discovered in FreeScout, a free self-hosted help desk and shared mailbox system. This flaw allows an authenticated administrator to write files anywhere on the server's filesystem by exploiting the module installation feature's lack of ZIP archive path validation. The vulnerability impacts versions 1.0.0 through 1.8.214, and a patch is available in version 1.8.215.
The impact of this vulnerability is severe. A successful exploit allows an authenticated administrator to execute arbitrary code on the server hosting FreeScout. This could lead to complete system compromise, including data exfiltration, malware installation, and denial of service. An attacker could potentially gain control of the entire server infrastructure, especially if the FreeScout instance is configured with elevated privileges or has access to sensitive data. The ability to write arbitrary files bypasses standard security controls and provides a direct path to code execution, making it a high-risk vulnerability.
This vulnerability is considered high probability due to the ease of exploitation and the critical nature of RCE. Public proof-of-concept (PoC) code is likely to emerge given the vulnerability's simplicity. The vulnerability was publicly disclosed on 2026-04-21. It is not currently listed on CISA KEV, but its severity warrants monitoring.
Organizations using FreeScout for help desk and shared mailbox management are at risk, particularly those running vulnerable versions (1.0.0 through 1.8.214). Shared hosting environments where multiple users share the same server are especially vulnerable, as a compromised administrator account could impact all users on the server.
• php: Examine web server access logs for requests to the module installation endpoint with unusual ZIP archive filenames or paths.
grep -iF 'module_install.php' /var/log/apache2/access.log | grep -iF '.zip'
• php: Monitor file system activity for unexpected file creations or modifications in sensitive directories.
find /var/www/freescout -type f -mmin -60 -ls
• generic web: Check for unusual files in the FreeScout installation directory, particularly those with unexpected extensions or names.
• generic web: Review FreeScout logs for errors related to ZIP archive extraction or file writing.
EPSS: 0.05% (15th percentile)
The primary mitigation is to immediately upgrade FreeScout to version 1.8.215 or later, which addresses the path validation issue. If upgrading is not immediately feasible, consider restricting administrator access to the module installation feature. Implement a Web Application Firewall (WAF) rule to block uploads of ZIP archives with suspicious filenames or paths. Monitor FreeScout logs for unusual file creation activity, particularly in sensitive directories. After upgrading, confirm the fix by attempting to upload a test ZIP archive with a deliberately invalid path; the upload should be rejected.
Upgrade FreeScout to version 1.8.215 or later to mitigate the vulnerability. This version fixes the issue by validating file paths when extracting ZIP files, which prevents arbitrary file writes to the filesystem.
CVE-2026-41193 is a critical Remote Code Execution vulnerability in FreeScout versions 1.0.0 through 1.8.214, allowing authenticated admins to execute arbitrary code via a malicious ZIP file.
You are affected if you are running FreeScout versions 1.0.0 through 1.8.214. Upgrade to version 1.8.215 or later to resolve the vulnerability.
Upgrade FreeScout to version 1.8.215 or later. If immediate upgrade is not possible, restrict admin access to the module installation feature and implement strict file access controls.
While no active exploitation has been confirmed, the vulnerability's severity and ease of exploitation suggest a high likelihood of future exploitation.
Refer to the FreeScout security advisory for detailed information and updates: [https://freescout.com/security/](https://freescout.com/security/)