PT-2026-34019 · Freescout · Freescout

Published: 2026-04-21 · Updated: 2026-04-27 · CVE-2026-40569

CVSS v3.1: 9.0 (Critical)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.213
Description: An issue exists in the mailbox connection settings endpoints, where the functions connectionIncomingSave() and connectionOutgoingSave() pass all request data directly to the Mailbox model's fill() method without allowlisting the fields that the form is meant to edit. This is a mass-assignment flaw: an authenticated administrator can overwrite security-critical fields of the Mailbox model, such as auto bcc, out server, out password, signature, auto reply enabled and auto reply message, simply by appending hidden parameters to an otherwise legitimate request. The consequences include silent email exfiltration (BCCing every outgoing email to an external address), redirection of SMTP traffic through an attacker-controlled server, and injection of malicious content into email signatures and auto-replies.
Recommendations: Update to version 1.8.213.
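The pattern described above, as an added illustration that is not FreeScout's code: a Laravel-style controller that feeds `$request->all()` into `fill()` beside a version that allowlists the connection fields and records any unexpected keys. The column names (`in_server`, `auto_bcc`, etc.) are assumptions for the example.

```php
<?php
// Illustrative Laravel-style code, not FreeScout's own. Column names such as
// in_server and auto_bcc are assumptions made for this example.
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Log;

class MailboxConnectionController
{
    // Fields the incoming-connection form is actually meant to edit (assumed names).
    private const INCOMING_FIELDS = [
        'in_server', 'in_port', 'in_username', 'in_password', 'in_protocol', 'in_encryption',
    ];

    // Vulnerable shape: every request parameter reaches fill(). A hidden
    // auto_bcc or out_server parameter in a legitimate POST is silently persisted.
    public function connectionIncomingSaveVulnerable(Request $request, Mailbox $mailbox): void
    {
        $mailbox->fill($request->all());
        $mailbox->save();
    }

    // Hardened shape: only allowlisted keys are written; everything else is dropped
    // and logged so an attempt to smuggle auto_bcc / out_server is visible.
    public function connectionIncomingSave(Request $request, Mailbox $mailbox): void
    {
        [$accepted, $rejected] = self::allowlist($request->all(), self::INCOMING_FIELDS);
        if ($rejected !== []) {
            Log::warning('mailbox settings: unexpected fields dropped', [
                'mailbox_id' => $mailbox->id,
                'user_id'    => $request->user()?->id,
                'fields'     => $rejected,
            ]);
        }
        $mailbox->fill($accepted);
        $mailbox->save();
    }

    // Splits input into [accepted, rejected key names]; pure function, easy to unit test.
    public static function allowlist(array $input, array $allowed): array
    {
        $accepted = array_intersect_key($input, array_flip($allowed));
        $rejected = array_values(array_diff(array_keys($input), $allowed));
        return [$accepted, $rejected];
    }
}
```

Defining `$fillable` on the Mailbox model gives the same protection at the model layer; the controller-side allowlist is still worth keeping because it makes the rejected keys visible in logs.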

Weakness Enumeration: Improper Access Control

Related Identifiers: CVE-2026-40569

Affected Products: Freescout