CVE-2026-41191

Name of the Vulnerable Software and Affected Versions FreeScout versions prior to 1.8.215

Description The MailboxesController::updateSave() function persists the chat start new variable outside the allowed-field filter. This allows a user who possesses only the mailbox sig permission to modify the hidden mailbox-wide chat setting through a direct POST request, despite the user interface only displaying the signature field.

Recommendations Update to version 1.8.215.