MEDIUM · CVE-2026-40592 · CVSS 5.9

FreeScout's cross-user undo reply allows mailbox peers to recall another agent's outbound reply

Platform

nodejs

Component

freescout-help-desk

Fixed in

1.8.215

AI Confidence: high · NVD · EPSS 0.0% · Reviewed: May 2026

CVE-2026-40592 describes a vulnerability in FreeScout, a self-hosted help desk and shared mailbox application. This flaw allows one agent within a shared mailbox to recall another agent's recently sent reply, even if they didn't create it. The vulnerability affects versions 1.0.0 through 1.8.213, and a fix is available in version 1.8.214.

Impact and Attack Scenarios

The primary impact of this vulnerability is the potential disruption of communication within a shared mailbox environment. An attacker, posing as a legitimate agent, could maliciously recall replies sent by other agents, potentially deleting important messages or creating confusion. This could lead to missed customer inquiries, delayed responses, and a negative impact on customer service. While the vulnerability window is limited to 15 seconds, the potential for disruption and misuse exists, particularly in environments with multiple agents accessing the same mailbox.

Exploitation Context

This vulnerability was publicly disclosed on 2026-04-21. There are currently no known public proof-of-concept exploits available. The vulnerability is not listed on the CISA KEV catalog at the time of writing. Given the limited window of opportunity (15 seconds) and the requirement for access to a shared mailbox, the probability of exploitation is considered low to medium.

Who Is at Risk

Organizations utilizing FreeScout with shared mailbox configurations are at risk. This includes businesses relying on shared inboxes for customer support, sales, or other collaborative communication purposes. The vulnerability is particularly relevant to deployments with multiple agents accessing the same mailbox, as it enables one agent to impact the work of others.

Detection Steps

• nodejs / server:

  grep -r 'conversation/undo-reply/{thread_id}' /opt/freescout/app/routes/

• generic web:

  curl -I 'http://your-freescout-instance/conversation/undo-reply/123' # Check for 200 OK response without authentication

Attack Timeline

  1. Disclosure

Threat Intelligence

Exploit Status

Proof of Concept: Unknown
CISA KEV: No
Internet Exposure: High

EPSS

0.04% (11th percentile)

CISA SSVC

Exploitation: none
Automatable: no
Technical Impact: partial

CVSS Vector

THREAT INTELLIGENCE · CVSS 3.1
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L
Base score: 5.9 (MEDIUM)

Attack Vector: Network (how the attacker reaches the target)
Attack Complexity: High (conditions required to exploit)
Privileges Required: Low (level of authentication required)
User Interaction: None (whether the victim must take an action)
Scope: Unchanged (impact beyond the affected component)
Confidentiality: None (risk of exposing sensitive data)
Integrity: High (risk of unauthorized modification of data)
Availability: Low (risk of service interruption)
nextguardhq.com · CVSS v3.1 Base Score

What do these metrics mean?
Attack Vector
Network: remotely exploitable over the internet. No physical or local access required.
Attack Complexity
High: requires a race condition, a non-default configuration, or specific circumstances.
Privileges Required
Low: any valid user account is sufficient.
User Interaction
None: the attack is automatic and silent. The victim does nothing.
Scope
Unchanged: impact limited to the vulnerable component.
Confidentiality
None: no impact on confidentiality.
Integrity
High: the attacker can write, modify or delete any data.
Availability
Low: partial or intermittent denial of service.

Affected Software

Component: freescout-help-desk
Vendor: freescout-help-desk

Affected range | Fixed in
< 1.8.214      | 1.8.215

Weakness Classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. EPSS updated

Mitigation and Workarounds

The recommended mitigation for CVE-2026-40592 is to immediately upgrade FreeScout to version 1.8.214 or later. If upgrading is not immediately feasible, consider implementing stricter access controls within the shared mailbox to limit the ability of agents to recall messages. While a direct workaround is not available, monitoring the 'undo-reply' endpoint for unusual activity could provide early detection. After upgrading, confirm the fix by attempting to recall a reply sent by another user; the action should be denied.

How to Fix

Upgrade FreeScout to version 1.8.214 or later to mitigate the vulnerability. This update verifies that the current user is the creator of the message before allowing the recall, preventing unauthorized access to other agents' replies in shared mailbox environments.
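A model of the ownership check the fix adds, together with the endpoint-monitoring idea from the mitigation section, as an added Python example that is not FreeScout's code: FreeScout's real undo-reply handler, route and log format are not on this page, so the Reply records, the mailbox membership set and the audit events below are all constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

UNDO_WINDOW = timedelta(seconds=15)  # the 15-second undo window the advisory describes

@dataclass
class Reply:
    thread_id: int
    mailbox_id: int
    author_id: int   # agent who sent the reply
    sent_at: datetime

def undo_reply_vulnerable(user_id, user_mailboxes, reply, now):
    """Pre-1.8.214 behaviour as the advisory describes it: any agent with access
    to the mailbox can recall any reply inside the window; user_id is never
    compared with the author."""
    return reply.mailbox_id in user_mailboxes and now - reply.sent_at <= UNDO_WINDOW

def undo_reply_fixed(user_id, user_mailboxes, reply, now):
    """Hardened form: same checks plus the ownership check the fix adds."""
    if reply.mailbox_id not in user_mailboxes or now - reply.sent_at > UNDO_WINDOW:
        return False
    return reply.author_id == user_id  # only the reply's own author may recall it

def find_cross_user_recalls(events, replies):
    """Detection for the 'monitor the undo-reply endpoint' advice: flag recall
    events whose acting user is not the author of the reply being recalled."""
    authors = {r.thread_id: r.author_id for r in replies}
    return [(e["user_id"], e["thread_id"]) for e in events
            if e["action"] == "undo-reply" and authors.get(e["thread_id"]) != e["user_id"]]

def demo():
    """Constructed scenario: agent 7 sent reply 123 in mailbox 1; agent 9 shares it."""
    t0 = datetime(2026, 4, 21, 12, 0, tzinfo=timezone.utc)
    reply = Reply(thread_id=123, mailbox_id=1, author_id=7, sent_at=t0)
    shared = {1}
    now, late = t0 + timedelta(seconds=5), t0 + timedelta(seconds=20)
    events = [  # constructed audit events, not FreeScout's own log format
        {"user_id": 7, "action": "undo-reply", "thread_id": 123},
        {"user_id": 9, "action": "undo-reply", "thread_id": 123},
        {"user_id": 9, "action": "view", "thread_id": 123},
    ]
    return {
        "peer_recall_before_fix": undo_reply_vulnerable(9, shared, reply, now),
        "peer_recall_after_fix": undo_reply_fixed(9, shared, reply, now),
        "author_recall_after_fix": undo_reply_fixed(7, shared, reply, now),
        "author_recall_late": undo_reply_fixed(7, shared, reply, late),
        "flagged": find_cross_user_recalls(events, [reply]),
    }
```

`demo()` shows the peer recall succeeding only in the pre-fix form, the author's own recall still working inside the window, and the detection pass flagging only the cross-user recall event.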


Frequently Asked Questions

What is CVE-2026-40592 — Reply Recall Vulnerability in FreeScout?

CVE-2026-40592 is a medium severity vulnerability in FreeScout versions 1.0.0 through 1.8.213 that allows one agent to recall another agent's sent reply in a shared mailbox.

Am I affected by CVE-2026-40592 in FreeScout?

You are affected if you are using FreeScout version 1.0.0 through 1.8.213 and have a shared mailbox configuration with multiple agents.

How do I fix CVE-2026-40592 in FreeScout?

Upgrade FreeScout to version 1.8.214 or later to remediate the vulnerability. If immediate upgrade is not possible, implement stricter access controls.

Is CVE-2026-40592 being actively exploited?

There are currently no known active exploits or campaigns targeting CVE-2026-40592.

Where can I find the official FreeScout advisory for CVE-2026-40592?

Refer to the FreeScout security advisory for details: [https://freescout.com/security/](https://freescout.com/security/)
