Platform: php
Component: freescout-help-desk
Fixed in: 1.8.216
CVE-2026-41183 describes an information disclosure vulnerability in FreeScout, a self-hosted help desk and shared mailbox system. The flaw allows users whose access is meant to be limited to conversations assigned to them to view other conversations. The vulnerability affects versions 1.0.0 through 1.8.214 and is resolved in version 1.8.215.
The primary impact of CVE-2026-41183 is the unauthorized exposure of sensitive information contained in conversations. An attacker could use the global search and AJAX filter paths to bypass the intended access controls and view conversations assigned to other users or teams. This could disclose confidential customer data, internal communications, or other sensitive information. Any authenticated user of the FreeScout instance is a potential actor, and the exposure can cover a wide range of conversations across the instance.
CVE-2026-41183 was published on April 21, 2026. The vulnerability's severity is rated as medium. No public exploits or active campaigns have been reported at the time of writing. The EPSS score is pending evaluation. Refer to the official FreeScout advisory for further details.
EPSS: 0.03% (9th percentile)
The primary mitigation for CVE-2026-41183 is to upgrade FreeScout to version 1.8.215 or later. If an immediate upgrade is not feasible, consider implementing temporary workarounds such as restricting access to the global search functionality or carefully reviewing and limiting the permissions granted to users. Monitor FreeScout logs for unusual search activity that might indicate exploitation attempts. After upgrading, verify the fix by attempting to access restricted conversations via global search and AJAX filters; access should be denied.
Update FreeScout to version 1.8.215 or later to mitigate the vulnerability. This update fixes the flaw by applying the 'assigned-only' restriction to global search queries and AJAX filters, preventing the disclosure of hidden conversations.
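The bug class behind this fix, shown as an added PHP illustration that is not FreeScout's own code: a visibility rule enforced on the conversation list but omitted from the search path leaks conversations, and the remedy is to reuse one rule on every path that returns conversations. Class and field names are assumptions for the demo.

```php
<?php
// Added illustration of the bug class, not FreeScout's own code: an
// "assigned-only" rule enforced on the listing but forgotten on the global
// search / AJAX filter path leaks conversations. Names are assumptions.
declare(strict_types=1);

final class Conversation {
    public function __construct(
        public int $id,
        public string $subject,
        public ?int $assignedUserId,
    ) {}
}

final class User {
    public function __construct(
        public int $id,
        public bool $assignedOnly, // may see only conversations assigned to them
    ) {}
}

/** One visibility rule, reused on every path that returns conversations. */
function visibleTo(User $user, Conversation $c): bool {
    return !$user->assignedOnly || $c->assignedUserId === $user->id;
}

/** Vulnerable pattern: matches the search term only and never consults the user. */
function searchVulnerable(array $conversations, string $term): array {
    return array_values(array_filter($conversations,
        fn (Conversation $c) => stripos($c->subject, $term) !== false));
}

/** Fixed pattern: the visibility rule is applied before the text match. */
function searchFixed(array $conversations, User $user, string $term): array {
    return array_values(array_filter($conversations,
        fn (Conversation $c) => visibleTo($user, $c)
            && stripos($c->subject, $term) !== false));
}

// Constructed sample data: agent 7 is restricted to assigned conversations.
$conversations = [
    new Conversation(1, 'Invoice question', 7),
    new Conversation(2, 'Invoice dispute', 9),   // assigned to another agent
    new Conversation(3, 'Invoice refund', null), // unassigned
];
$agent = new User(7, true);
$ids = fn (array $rows) => implode(',', array_map(fn ($c) => $c->id, $rows));
printf("vulnerable search: %s\n", $ids(searchVulnerable($conversations, 'invoice')));
printf("fixed search:      %s\n", $ids(searchFixed($conversations, $agent, 'invoice')));
```

The vulnerable path returns all three matches for the restricted agent, while the fixed path returns only the conversation assigned to them.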
CVE-2026-41183 is a medium severity vulnerability in FreeScout versions 1.0.0 through 1.8.214 that allows attackers to bypass access restrictions and view hidden conversations via global search and AJAX filters.
You are affected if you are running FreeScout version 1.0.0 through 1.8.214. The vulnerability is resolved in version 1.8.215.
Upgrade FreeScout to version 1.8.215 or later. If an immediate upgrade is not possible, consider temporary workarounds like restricting access to global search.
No public exploits or active campaigns have been reported at this time, but it's crucial to apply the fix promptly to prevent potential exploitation.
Refer to the official FreeScout advisory for detailed information and updates regarding CVE-2026-41183. Check the FreeScout website or security mailing lists for the latest advisory.