PT-2026-34028 · Freescout Help Desk · Freescout
Published
2026-04-21
·
Updated
2026-04-27
·
CVE-2026-41183
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
FreeScout versions prior to 1.8.215
Description
The assigned-only restriction is correctly applied to direct conversation views and folder queries, but it is not enforced for non-folder query builders. This allows global search and the AJAX filter path to reveal conversations that should otherwise be hidden.
Recommendations
Update to version 1.8.215.
Exploit
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Freescout