PT-2026-21853 · Freescout+2

Offensive-Ai · Published 2026-02-25 · Updated 2026-03-04 · CVE-2026-27636

CVSS v3.1: 8.8
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

FreeScout versions prior to 1.8.206

Description

FreeScout, a PHP-based help desk and shared inbox application built on the Laravel framework, contains a flaw in its file upload restrictions. Prior to version 1.8.206, the application does not prevent the upload of .htaccess and .user.ini files. On Apache servers configured with AllowOverride All, an authenticated user can upload a .htaccess file, potentially redefining file processing rules and enabling Remote Code Execution. This issue can be exploited independently or in conjunction with another issue. The vulnerable file is located at app/Misc/Helper.php. The upload functionality is affected.

Recommendations

Versions prior to 1.8.206 should be updated to version 1.8.206 or later.
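
For triage on a host that ran an affected version, the following added example (not FreeScout's code and not the project's fix) flags uploaded file names that would land as the per-directory config files named above and sweeps a directory tree for them. The function names, the case-insensitive matching and the sample tree are assumptions made for illustration.

```python
import os
import tempfile

# Per-directory config file names taken from the advisory text.
SERVER_CONFIG_NAMES = {".htaccess", ".user.ini"}


def is_server_config_name(client_name: str) -> bool:
    """True if an uploaded file name would be stored as .htaccess or .user.ini."""
    # Keep only the last path component, whichever separator the client sent.
    base = client_name.replace("\\", "/").rsplit("/", 1)[-1]
    # Assumption: match conservatively, ignoring case and trailing dots/spaces,
    # since some filesystems fold or drop them.
    base = base.strip().rstrip(". ").lower()
    return base in SERVER_CONFIG_NAMES


def find_dropped_configs(upload_root: str) -> list[str]:
    """Return relative paths of server config files found under upload_root."""
    hits = []
    for dirpath, _dirs, files in os.walk(upload_root):
        for name in files:
            if is_server_config_name(name):
                full = os.path.join(dirpath, name)
                hits.append(os.path.relpath(full, upload_root))
    return sorted(hits)


def build_sample_tree() -> str:
    """Create a constructed sample upload tree (not real data) and return its root."""
    root = tempfile.mkdtemp(prefix="uploads-")
    for rel in ("1/report.pdf", "2/.htaccess", "3/nested/.USER.INI", "4/htaccess.txt"):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return root


if __name__ == "__main__":
    # Point find_dropped_configs() at the real attachment storage directory
    # when auditing a host; the sample tree only demonstrates the output.
    for hit in find_dropped_configs(build_sample_tree()):
        print("review:", hit)
```

Any hit inside a web-served upload directory should be reviewed together with the Apache AllowOverride setting for that directory.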

Exploit

Fix

RCE

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2026-27636
GHSA-6GCM-V8XF-J9V9
GHSA-MW88-X7J3-74VC

Affected Products

Apache
Freescout
Laravel