What is the CVSS score of CVE-2026-41193?

CVE-2026-41193 has a CVSS 3.1 base score of 9.1 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of FreeScout are affected by CVE-2026-41193?

FreeScout versions prior to 1.8.215 contain a critical arbitrary file write vulnerability that allows authenticated administrators to execute remote code by uploading malicious ZIP archives during…. A patch is available.

FreeScout CVE-2026-41193

EUVD-2026-24223 CRITICAL

Path Traversal (CWE-22)

2026-04-21 GitHub_M

Path Traversal

9.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch released

Apr 22, 2026 - 21:10 nvd

Patch available

Re-analysis Queued

Apr 21, 2026 - 21:22 vuln.today

cvss_changed

Patch available

Apr 21, 2026 - 19:01 EUVD

Analysis Generated

Apr 21, 2026 - 18:48 vuln.today

EUVD ID Assigned

Apr 21, 2026 - 17:45 euvd

EUVD-2026-24223

Analysis Generated

Apr 21, 2026 - 17:45 vuln.today

CVE Published

Apr 21, 2026 - 17:15 nvd

CRITICAL 9.1

DescriptionNVD

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, FreeScout's module installation feature extracts ZIP archives without validating file paths, allowing an authenticated admin to write files arbitrarily on the server filesystem via a specially crafted ZIP. Version 1.8.215 fixes the vulnerability.

AnalysisAI

Arbitrary file write in FreeScout (prior to 1.8.215) allows authenticated administrators to achieve remote code execution by uploading malicious ZIP archives during module installation. The path traversal vulnerability (CWE-22) enables attackers to write files to any location on the server filesystem, including web-accessible directories where PHP shells can be placed. …

RemediationAI

Within 24 hours: Identify all FreeScout instances and their current versions; restrict administrative access to module installation features pending patch deployment. Within 7 days: Upgrade all FreeScout installations to version 1.8.215 or later; review administrative access logs for suspicious module installation activity. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-41193 vulnerability details – vuln.today

Back

FreeScout CVE-2026-41193

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code