CVE-2026-40591

Name of the Vulnerable Software and Affected Versions FreeScout versions prior to 1.8.214

Description The phone-conversation creation flow allows the use of attacker-controlled customer id, name, to email, and phone values. The system resolves the target customer in the backend without enforcing mailbox-scoped customer visibility. This enables a low-privileged agent with permissions to create a phone conversation in one mailbox to bind that conversation to a hidden customer from another mailbox and add a new alias email to the hidden customer record via the to email parameter.

Recommendations Update to version 1.8.214.