FreeScout CVE-2026-41190

EUVD-2026-24195 | Severity: HIGH
Weakness: Incorrect Authorization (CWE-863)
Published: 2026-04-21 | Reported by: [email protected]
CVSS 3.1 base score: 7.1

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: High
Availability: None

Lifecycle Timeline

Apr 22, 2026 - 21:22 (vuln.today): Re-analysis queued (cvss_changed)
Apr 21, 2026 - 19:01 (EUVD): Patch available
Apr 21, 2026 - 17:37 (vuln.today): Analysis generated

Description (NVD)

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, when APP_SHOW_ONLY_ASSIGNED_CONVERSATIONS is enabled, the direct conversation view correctly blocks users who are neither the assignee nor the creator. The save_draft AJAX path does not apply the same check: a direct POST can create a draft inside a conversation that is hidden in the UI. Version 1.8.215 fixes the vulnerability.
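The root cause described above is a visibility rule enforced on one code path (the conversation view) but not on another (the draft save). The following added example, which is not FreeScout's code and uses constructed names and a hypothetical admin exemption, shows the pre-fix pattern beside the hardened pattern, where both paths share a single authorization predicate so they cannot drift apart again:

```python
"""Added illustration of CWE-863 as described for CVE-2026-41190.
Not FreeScout's code: User, Conversation, the handler names and the
admin exemption are constructed for the example."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class User:
    id: int
    is_admin: bool = False  # assumption: admins see everything


@dataclass
class Conversation:
    id: int
    assignee_id: Optional[int]
    created_by_id: int
    drafts: List[Tuple[int, str]] = field(default_factory=list)


class Forbidden(Exception):
    """Raised when the caller may not touch the conversation."""


def can_access_conversation(user: User, conv: Conversation,
                            show_only_assigned: bool) -> bool:
    """Visibility rule from the advisory: with the option enabled, a user
    may only reach conversations they are assigned to or created."""
    if not show_only_assigned or user.is_admin:
        return True
    return user.id in (conv.assignee_id, conv.created_by_id)


def view_conversation(user: User, conv: Conversation,
                      show_only_assigned: bool) -> Conversation:
    """The view path: applies the rule (this part was already correct)."""
    if not can_access_conversation(user, conv, show_only_assigned):
        raise Forbidden("conversation hidden from this user")
    return conv


def save_draft_vulnerable(user: User, conv: Conversation, body: str,
                          show_only_assigned: bool) -> dict:
    """Pre-fix pattern: the AJAX path never consults the visibility rule,
    so a direct POST writes a draft into a conversation the UI hides."""
    conv.drafts.append((user.id, body))
    return {"status": "success"}


def save_draft_fixed(user: User, conv: Conversation, body: str,
                     show_only_assigned: bool) -> dict:
    """Hardened pattern: reuse the same predicate as the view path."""
    if not can_access_conversation(user, conv, show_only_assigned):
        raise Forbidden("conversation hidden from this user")
    conv.drafts.append((user.id, body))
    return {"status": "success"}


def demo() -> dict:
    """Run both variants for a user who is neither assignee nor creator."""
    outsider = User(id=2)
    conv = Conversation(id=10, assignee_id=1, created_by_id=1)
    outcome = {}
    try:
        view_conversation(outsider, conv, show_only_assigned=True)
        outcome["view"] = "allowed"
    except Forbidden:
        outcome["view"] = "denied"
    save_draft_vulnerable(outsider, conv, "hello", show_only_assigned=True)
    outcome["vulnerable_drafts"] = len(conv.drafts)
    try:
        save_draft_fixed(outsider, conv, "hello again", show_only_assigned=True)
        outcome["fixed"] = "allowed"
    except Forbidden:
        outcome["fixed"] = "denied"
    return outcome


if __name__ == "__main__":
    print(demo())  # {'view': 'denied', 'vulnerable_drafts': 1, 'fixed': 'denied'}
```

The design point is that every endpoint that writes to, or reads from, a conversation should call the one shared predicate; a per-endpoint reimplementation is exactly what lets an AJAX path fall behind the page it belongs to.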

Analysis (AI)

Authorization bypass in FreeScout's draft save functionality allows authenticated users with low privileges to create draft messages in conversations they should not access when APP_SHOW_ONLY_ASSIGNED_CONVERSATIONS is enabled. While the conversation view correctly enforces access controls, the save_draft AJAX endpoint fails to validate user permissions, enabling unauthorized information disclosure and message manipulation (CVSS 7.1, High integrity impact). …


Remediation (AI)

Within 24 hours: Inventory all FreeScout deployments and document affected versions; notify helpdesk/support teams of the vulnerability scope. Within 7 days: Apply compensating controls (disable draft save if business process allows, or implement WAF rules blocking save_draft AJAX endpoints for low-privilege users); audit access logs for suspicious draft access patterns. …
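The audit step above needs a concrete rule: flag every draft-save request whose user is neither the assignee nor the creator of the target conversation. The following added example (not from vuln.today or FreeScout) runs that rule over constructed log lines in a hypothetical format; the line layout, parameter names and assignment table are assumptions, so a real deployment would swap in its own parser and query its own database for the assignee/creator pair:

```python
"""Added example: audit constructed log lines for save_draft requests that
reach conversations hidden from the requesting user. The log format,
field names and ASSIGNMENTS table are all constructed for this example."""
import re
from typing import Dict, List, Set, Tuple

# Constructed sample lines (hypothetical app-log layout, not FreeScout's).
SAMPLE_LOG = """\
2026-04-22T10:00:01Z user=7 POST /conversation/ajax action=save_draft conversation_id=101
2026-04-22T10:00:05Z user=7 GET /conversation/101
2026-04-22T10:01:12Z user=9 POST /conversation/ajax action=save_draft conversation_id=101
2026-04-22T10:02:30Z user=9 POST /conversation/ajax action=save_draft conversation_id=205
2026-04-22T10:03:00Z user=1 POST /conversation/ajax action=save_draft conversation_id=101
2026-04-22T10:04:45Z user=9 POST /conversation/ajax action=save_draft conversation_id=999
"""

# Constructed lookup: conversation_id -> (assignee_id, created_by_id).
ASSIGNMENTS: Dict[int, Tuple[int, int]] = {101: (7, 3), 205: (9, 9)}
ADMINS: Set[int] = {1}  # assumption: admins may reach any conversation

SAVE_DRAFT_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\d+) POST \S+ action=save_draft "
    r"conversation_id=(?P<conv>\d+)$"
)


def find_unauthorized_drafts(log_text: str,
                             assignments: Dict[int, Tuple[int, int]],
                             admins: Set[int]) -> List[Tuple[str, int, int]]:
    """Return (timestamp, user_id, conversation_id) for each save_draft POST
    by a non-admin who is neither assignee nor creator. A conversation that
    is missing from the lookup is flagged too: it cannot be vouched for."""
    hits: List[Tuple[str, int, int]] = []
    for line in log_text.splitlines():
        match = SAVE_DRAFT_RE.match(line)
        if not match:
            continue  # not a draft save; views are checked elsewhere
        user_id = int(match["user"])
        conv_id = int(match["conv"])
        if user_id in admins:
            continue
        allowed = assignments.get(conv_id)
        if allowed is None or user_id not in allowed:
            hits.append((match["ts"], user_id, conv_id))
    return hits


def summarize_by_user(hits: List[Tuple[str, int, int]]) -> Dict[int, int]:
    """Count flagged requests per user to spot repeat probing."""
    counts: Dict[int, int] = {}
    for _, user_id, _ in hits:
        counts[user_id] = counts.get(user_id, 0) + 1
    return counts


if __name__ == "__main__":
    for hit in find_unauthorized_drafts(SAMPLE_LOG, ASSIGNMENTS, ADMINS):
        print("suspicious save_draft:", hit)
    print(summarize_by_user(find_unauthorized_drafts(SAMPLE_LOG, ASSIGNMENTS, ADMINS)))
```

Because the pre-fix endpoint returned success for these requests, the server-side log is the only record that they happened; the same rule can also be applied retrospectively to the drafts table by joining each draft's author against the conversation's assignee and creator.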



