EUVD-2026-24187CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Lifecycle Timeline
3DescriptionNVD
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the phone-conversation creation flow accepts attacker-controlled customer_id, name, to_email, and phone values and resolves the target customer in the backend without enforcing mailbox-scoped customer visibility. As a result, a low-privileged agent who can create a phone conversation in Mailbox A can bind the new Mailbox A phone conversation to a hidden customer from Mailbox B and add a new alias email to that hidden customer record by supplying to_email. Version 1.8.214 fixes the vulnerability.
AnalysisAI
Low-privileged agents in FreeScout can escalate mailbox access by exploiting insufficient customer visibility enforcement in phone conversation creation. Attackers with agent credentials for Mailbox A can reference and modify customer records from Mailbox B, adding alias emails to hidden customer profiles and bypassing mailbox isolation boundaries. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Identify all FreeScout installations and current versions in use; audit recent agent activity logs for cross-mailbox customer record modifications. Within 7 days: Upgrade all FreeScout instances to version 1.8.214 or later; review and restrict low-privileged agent role permissions to single-mailbox scope only. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today