CVE-2026-41192

Summary

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the reply and draft flows trust client-supplied encrypted attachment IDs. Any IDs present in attachments_all[] but omitted from retained lists are decrypted and passed directly to Attachment::deleteByIds(). Because load_attachments returns encrypted IDs for attachments on a visible conversation, a mailbox peer can replay those IDs through save_draft and delete the original attachment row and file. Version 1.8.215 fixes the vulnerability.

Affected Software

VendorProductVersion RangeStatus
freescout-help-deskfreescout< 1.8.215affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References