PT-2026-33992 · Freescout · Freescout

Published: 2026-04-21 · Updated: 2026-04-21 · CVE-2026-40498
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.213
Description: An unauthenticated attacker can access diagnostic and system tools intended for administrators. The '/system/cron' endpoint is protected only by a static MD5 hash derived from the APP_KEY variable, and that hash is exposed in responses and logs. This allows Full Path Disclosure (revealing sensitive server paths), exposure of process IDs, and Resource Exhaustion (DoS) by repeatedly triggering heavy background tasks, since the endpoint applies no rate limiting. The hash is generated with md5(APP_KEY . 'web cron hash') and, because it is passed in GET requests, is susceptible to exposure via server logs, browser history, and proxy logs.
Recommendations: Update to version 1.8.213.
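The log-side check a defender would want for this issue, as an added example that is not part of the advisory or of FreeScout's own code: it parses combined-format web server lines, isolates requests to /system/cron, records whether an MD5-shaped token travels in the query string (the exposure path the advisory describes), and flags sources that re-trigger the endpoint in bursts (the missing rate limit). The log lines, the `hash` query parameter name and the token value are constructed placeholders.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (combined log format); the query parameter name and
# the 32-hex token are placeholders, not values taken from FreeScout.
SAMPLE_LOG = """\
203.0.113.7 - - [21/Apr/2026:10:00:01 +0000] "GET /system/cron?hash=0123456789abcdef0123456789abcdef HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.7 - - [21/Apr/2026:10:00:03 +0000] "GET /system/cron?hash=0123456789abcdef0123456789abcdef HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.7 - - [21/Apr/2026:10:00:05 +0000] "GET /system/cron?hash=0123456789abcdef0123456789abcdef HTTP/1.1" 200 512 "-" "curl/8.0"
198.51.100.4 - - [21/Apr/2026:10:01:00 +0000] "GET /mailbox/1 HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
198.51.100.4 - - [21/Apr/2026:10:02:30 +0000] "GET /system/cron?hash=0123456789abcdef0123456789abcdef HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
CRON_PATH = "/system/cron"                   # endpoint named in the advisory
MD5_TOKEN = re.compile(r"\b[0-9a-f]{32}\b")  # MD5-shaped token, as md5() output would look

def cron_hits(log_text):
    """Parse combined-format lines and keep requests whose path is /system/cron."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                          # unparsable line: skip, do not crash
        rec = m.groupdict()
        if rec["path"].split("?", 1)[0] != CRON_PATH:
            continue
        rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
        # A secret-derived token in the query string is what ends up in logs and proxies.
        rec["token_in_url"] = bool(MD5_TOKEN.search(rec["path"]))
        hits.append(rec)
    return hits

def burst_sources(hits, window=timedelta(seconds=60), threshold=3):
    """Source IPs that hit the endpoint at least `threshold` times within `window`."""
    by_ip = defaultdict(list)
    for h in hits:
        by_ip[h["ip"]].append(h["ts"])
    flagged = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):     # sliding window over sorted timestamps
            while ts - stamps[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = end - start + 1
    return flagged
```

Any hit with `token_in_url` set is a copy of the secret-derived hash already persisted outside the application, which is the reason the fix should be paired with rotating the key rather than only upgrading.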
Weakness Enumeration
Improper Access Control
Information Disclosure
Allocation of Resources Without Limits

Related Identifiers: CVE-2026-40498
Affected Products: Freescout