PT-2026-33910 · Freescout · Freescout

Published: 2026-04-21 · Updated: 2026-04-21 · CVE-2026-40496

CVSS v4.0: 9.3 (Critical)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

FreeScout versions prior to 1.8.213

Description

Attachment download tokens are generated using a weak and predictable formula: md5(APP KEY + attachment id + size). Because attachment id is sequential and size can be brute-forced within a small range, an unauthenticated attacker can forge valid tokens to download private attachments without credentials.

Recommendations

Update to version 1.8.213.
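
As an added illustration (not FreeScout's source and not the change shipped in 1.8.213), the PHP below sets the token formula from the description beside two stronger constructions: a random per-attachment token, and a keyed, expiring signature checked in constant time. All function names, the key and the sample values are hypothetical.

```php
<?php
// Added example: not FreeScout source. Function names and sample values are hypothetical.

// Pattern from the advisory: a plain MD5 over the app key concatenated
// with values that are sequential or fall within a small range.
function weakToken(string $appKey, int $attachmentId, int $size): string
{
    return md5($appKey . $attachmentId . $size);
}

// Option A: a random token generated once at upload and stored with the
// attachment record. Nothing about the attachment can be used to derive it.
function randomToken(): string
{
    return bin2hex(random_bytes(32)); // 256 bits from the OS CSPRNG
}

// Option B: a keyed, expiring signature over unambiguously encoded fields.
function signedToken(string $key, int $attachmentId, int $expires): string
{
    $msg = json_encode(['attachment' => $attachmentId, 'expires' => $expires]);
    return $expires . '.' . hash_hmac('sha256', $msg, $key);
}

function verifySignedToken(string $key, int $attachmentId, string $token, int $now): bool
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false; // malformed token
    }
    $expires = (int) $parts[0];
    if ($expires < $now) {
        return false; // expired link
    }
    // hash_equals compares in constant time, so timing does not leak the signature
    return hash_equals(signedToken($key, $attachmentId, $expires), $token);
}

// Constructed sample values
$key = 'constructed-sample-key';
$now = 1700000000;
$tok = signedToken($key, 42, $now + 300);
var_dump(verifySignedToken($key, 42, $tok, $now));       // same attachment, unexpired
var_dump(verifySignedToken($key, 43, $tok, $now));       // token presented for another attachment
var_dump(verifySignedToken($key, 42, $tok, $now + 301)); // presented after expiry
```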

Fix

Use of Insufficiently Random Values


Weakness Enumeration

Related Identifiers

CVE-2026-40496

Affected Products

Freescout