CRITICAL · CVE-2026-41193 · CVSS 9.1

FreeScout has a Zip Slip path traversal in module installation that allows arbitrary file write and leads to RCE

Platform

php

Component

freescout

Fixed in

1.8.216

AI confidence: high · NVD · EPSS 0.1% · Checked: May 2026

CVE-2026-41193 describes a Remote Code Execution (RCE) vulnerability in FreeScout, a free self-hosted help desk and shared mailbox system. The module installation feature extracts uploaded ZIP archives without validating the path of each entry, so an entry whose name contains `../` segments is written outside the intended module directory (a Zip Slip). An authenticated administrator can use this to write files anywhere the PHP process can write on the server's filesystem, including PHP files into web-served directories, which yields code execution. The vulnerability affects versions 1.0.0 through 1.8.214; a patch is available in version 1.8.215.

Impact and Attack Scenarios

The impact is severe. A successful exploit lets an authenticated administrator execute arbitrary code on the server hosting FreeScout, which can lead to complete system compromise: data exfiltration, malware installation and denial of service. If the PHP process runs with elevated privileges or the host has access to other sensitive systems, the attacker can pivot further. Because the primitive is an arbitrary file write rather than a constrained upload, it sidesteps the controls that normally decide where uploaded content may land and gives a direct path to code execution, making this a high-risk vulnerability.

Exploitation Context

This vulnerability is rated high probability because it is simple to exploit and the outcome is RCE; public proof-of-concept (PoC) code is likely to appear. It was publicly disclosed on 2026-04-21. It is not currently listed in CISA KEV, but its severity warrants monitoring. Note that the attacker must already hold an administrator account, so the realistic threat is a compromised or malicious administrator rather than an unauthenticated remote user.

Who Is at Risk

Organizations that use FreeScout for help desk and shared mailbox management are at risk if they run a vulnerable version (1.0.0 through 1.8.214). Shared hosting environments are especially exposed: a file write from a compromised administrator account is bounded only by the permissions of the PHP process, so it can reach other tenants on the same server.

Detection Steps

• php: Examine web server access logs for requests to the module installation endpoint with unusual ZIP archive filenames or paths.

# adjust the endpoint pattern to the route your FreeScout deployment serves
grep -i 'module_install\.php' /var/log/apache2/access.log | grep -i '\.zip'

• php: Monitor file system activity for unexpected file creations or modifications in sensitive directories.

find /var/www/freescout -type f -mmin -60 -ls

• generic web: Check for unusual files in the FreeScout installation directory, particularly newly created PHP files in web-served directories or files with unexpected extensions or names.

• generic web: Review FreeScout logs for errors related to ZIP archive extraction or file writing.

Attack Timeline

  1. Disclosure

Threat Analysis

Exploit Status

Proof of Concept: Unknown
CISA KEV: No
Internet exposure: High
Reports: 1 threat report

EPSS

0.05% (15th percentile)

CISA SSVC

Exploitation: poc
Automatable: no
Technical impact: total

CVSS Vector

THREAT ANALYSIS · CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Base score: 9.1 CRITICAL (CVSS v3.1 base score, nextguardhq.com)

Attack Vector: Network (how the attacker reaches the target)
Attack Complexity: Low (conditions required for successful exploitation)
Privileges Required: High (authentication level required)
User Interaction: None (whether a victim must perform an action)
Scope: Changed (impact beyond the vulnerable component)
Confidentiality: High (risk of sensitive data disclosure)
Integrity: High (risk of unauthorized data modification)
Availability: High (risk of service disruption)
What do these metrics mean?
Attack Vector
Network: exploitable remotely over the internet. No physical or local access required.
Attack Complexity
Low: no special conditions required. Reliably exploitable.
Privileges Required
High: an administrator or otherwise privileged account is required.
User Interaction
None: the attack is automatic and silent. The victim does nothing.
Scope
Changed: the attack can reach beyond the vulnerable component into other systems.
Confidentiality
High: complete loss of confidentiality. The attacker can read all data.
Integrity
High: the attacker can write, modify or delete arbitrary data.
Availability
High: complete crash or resource exhaustion. Total denial of service.

Affected Software

Component: freescout
Vendor: freescout-help-desk
Affected range: < 1.8.215
Fixed in: 1.8.216

Vulnerability Classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. EPSS updated

Mitigation and Workarounds

The primary mitigation is to upgrade FreeScout to version 1.8.215 or later, which validates entry paths during ZIP extraction. If upgrading is not immediately feasible, restrict which administrators can use the module installation feature and keep the number of administrator accounts minimal. A Web Application Firewall (WAF) rule that only inspects the upload's filename will not see the entry names inside the archive; a useful pre-upload check has to parse the ZIP's central directory and reject any entry containing `..` segments or an absolute path. Monitor FreeScout logs and the filesystem for unexpected file creation, particularly in web-served directories. After upgrading, confirm the fix on a non-production copy by uploading a test ZIP archive containing an entry with a deliberately invalid path; the installer should reject it.
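The extraction bug described at the top of this page and the post-upgrade check suggested in this section, shown together as an added example in Python (this is not FreeScout's code, which is PHP): a constructed module archive carrying a `../../` entry, a naive extractor that trusts entry names and so writes outside the modules directory, and a validated extractor that resolves every entry against the destination and refuses the archive. The scratch layout (`freescout/Modules`), the `public/shell.php` entry name and the module file names are assumptions made for the demo.

```python
"""Zip Slip in a module installer: naive vs. path-validated extraction.

Added example, not FreeScout's code. Archive contents, entry names and
the scratch directory layout are constructed here for illustration.
"""
import io
import os
import tempfile
import zipfile


def build_malicious_zip() -> bytes:
    """Constructed attacker archive: one benign entry plus one entry whose
    name climbs out of the extraction directory (the Zip Slip payload)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("EvilModule/module.json", '{"name": "EvilModule"}')
        # Hypothetical web shell aimed two levels above the modules directory.
        zf.writestr("../../public/shell.php", "<?php system($_GET['c']); ?>")
    return buf.getvalue()


def build_benign_zip() -> bytes:
    """Constructed well-formed module archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("GoodModule/module.json", '{"name": "GoodModule"}')
        zf.writestr("GoodModule/src/Module.php", "<?php // module code ?>")
    return buf.getvalue()


def naive_extract(zip_bytes: bytes, dest: str) -> list:
    """Vulnerable pattern: joins each entry name onto dest without checking
    where the result lands. Returns the real paths actually written."""
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = os.path.join(dest, info.filename)  # no validation at all
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(zf.read(info))
            written.append(os.path.realpath(path))
    return written


def unsafe_entries(zip_bytes: bytes, dest: str) -> list:
    """Names of entries whose resolved path would escape dest. Resolving with
    realpath and comparing with commonpath (not a string prefix test) makes
    '..' segments, absolute names and 'dest-evil/' siblings all fail."""
    root = os.path.realpath(dest)
    bad = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            if os.path.isabs(name) or name.startswith(("/", "\\")):
                bad.append(name)
                continue
            target = os.path.realpath(os.path.join(root, name))
            if os.path.commonpath([root, target]) != root:
                bad.append(name)
    return bad


def safe_extract(zip_bytes: bytes, dest: str) -> list:
    """Hardened pattern: reject the whole archive before writing anything."""
    bad = unsafe_entries(zip_bytes, dest)
    if bad:
        raise ValueError("refusing archive, traversal entries: %r" % bad)
    return naive_extract(zip_bytes, dest)


def run_demo() -> dict:
    """Runs both extractors inside a scratch tree and reports the outcome."""
    with tempfile.TemporaryDirectory() as tmp:
        install_root = os.path.join(tmp, "freescout")  # assumed app root
        modules_dir = os.path.join(install_root, "Modules")
        os.makedirs(modules_dir)

        # 1. Naive extraction: the traversal entry lands outside install_root.
        root = os.path.realpath(install_root)
        written = naive_extract(build_malicious_zip(), modules_dir)
        escaped = [p for p in written if os.path.commonpath([root, p]) != root]

        # 2. Validated extraction refuses the same archive ...
        rejected = False
        try:
            safe_extract(build_malicious_zip(), modules_dir)
        except ValueError:
            rejected = True

        # 3. ... and still installs a well-formed module.
        installed = safe_extract(build_benign_zip(), modules_dir)

        scratch = os.path.realpath(tmp)
        return {
            "naive_escaped": [os.path.relpath(p, scratch) for p in escaped],
            "validated_rejected": rejected,
            "benign_files_written": len(installed),
        }


if __name__ == "__main__":
    print(run_demo())
```

Running `unsafe_entries()` against a test archive before uploading it is the offline counterpart of the verification step above: it lists exactly the entries a patched installer should refuse. The hardened extractor also writes regular files only and never recreates symlink entries, which closes the variant where a symlink extracted first redirects a later entry out of the tree.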

How to Fix

Update FreeScout to version 1.8.215 or later to mitigate the vulnerability. This version fixes the problem by validating file paths when extracting ZIP files, which prevents arbitrary file writes to the filesystem.


Frequently Asked Questions

What is CVE-2026-41193 — RCE in FreeScout?

CVE-2026-41193 is a critical Remote Code Execution vulnerability in FreeScout versions 1.0.0 through 1.8.214, allowing authenticated admins to execute arbitrary code via a malicious ZIP file.

Am I affected by CVE-2026-41193 in FreeScout?

You are affected if you are running FreeScout versions 1.0.0 through 1.8.214. Upgrade to version 1.8.215 or later to resolve the vulnerability.

How do I fix CVE-2026-41193 in FreeScout?

Upgrade FreeScout to version 1.8.215 or later. If immediate upgrade is not possible, restrict admin access to the module installation feature and implement strict file access controls.

Is CVE-2026-41193 being actively exploited?

While no active exploitation has been confirmed, the vulnerability's severity and ease of exploitation suggest a high likelihood of future exploitation.

Where can I find the official FreeScout advisory for CVE-2026-41193?

Refer to the FreeScout security advisory for detailed information and updates: [https://freescout.com/security/](https://freescout.com/security/)
