CVSS Vector (NVD)
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description (NVD)
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the load_customer_info action in POST /conversation/ajax returns complete customer profile data to any authenticated user without verifying mailbox access. An attacker only needs a valid email address to retrieve all customer PII. Version 1.8.213 fixes the issue.
Analysis (AI)
FreeScout versions prior to 1.8.213 expose complete customer PII through a missing authorization check in the load_customer_info action of POST /conversation/ajax: any authenticated user can retrieve sensitive profile data for arbitrary customers by providing only a valid email address. The flaw is in the authorization layer rather than in authentication, so a logged-in user can read customer records across mailboxes without any access control verification.
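A minimal model of the flaw and of the check that closes it, added here as an illustration: it is not FreeScout's code or the 1.8.213 patch, and the data layout and function names are hypothetical. It assumes a caller may see a customer only when that customer has a conversation in a mailbox the caller can access.

```php
<?php
declare(strict_types=1);

// Constructed sample data; none of it comes from FreeScout.
$db = [
    'mailboxUsers' => [          // mailbox id => user ids allowed to access it
        1 => [10, 11],
        2 => [12],
    ],
    'customers' => [             // email => profile (PII)
        'alice@example.test' => ['name' => 'Alice', 'phone' => '555-0100'],
        'bob@example.test'   => ['name' => 'Bob',   'phone' => '555-0101'],
    ],
    'customerMailboxes' => [     // email => mailboxes holding that customer's conversations
        'alice@example.test' => [1],
        'bob@example.test'   => [2],
    ],
];

// Flawed pattern from the description: being logged in is the only requirement.
function loadCustomerInfoUnchecked(array $db, int $userId, string $email): ?array
{
    return $db['customers'][$email] ?? null;
}

// Hardened pattern (hypothetical): require access to at least one mailbox
// that holds a conversation with this customer before returning the profile.
function loadCustomerInfoChecked(array $db, int $userId, string $email): ?array
{
    foreach ($db['customerMailboxes'][$email] ?? [] as $mailboxId) {
        if (in_array($userId, $db['mailboxUsers'][$mailboxId] ?? [], true)) {
            return $db['customers'][$email] ?? null;
        }
    }
    // Same result for "unknown email" and "no access", so the response does
    // not reveal which addresses exist in mailboxes the caller cannot see.
    return null;
}

// User 12 can access mailbox 2 only; Alice's conversations are in mailbox 1.
var_dump(loadCustomerInfoUnchecked($db, 12, 'alice@example.test')); // unchecked cross-mailbox lookup
var_dump(loadCustomerInfoChecked($db, 12, 'alice@example.test'));   // same lookup with the check
var_dump(loadCustomerInfoChecked($db, 10, 'alice@example.test'));   // user 10 has mailbox 1
```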
EUVD-2026-24173