PT-2026-34039 · Freescout Help Desk · Freescout

Published: 2026-04-21 · Updated: 2026-04-21 · CVE-2026-41192

CVSS v3.1: 7.1 High (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L)

Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.215

Description: The reply and draft flows trust encrypted attachment IDs supplied by the client. Any IDs included in the attachments all[] variable but omitted from retained lists are decrypted and passed to the deleteByIds() function of the Attachment class. Since load attachments returns encrypted IDs for attachments within a visible conversation, a mailbox peer can replay these IDs through the 'save draft' endpoint to delete the original attachment row and file.

Recommendations: Update to version 1.8.215.
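
A minimal model of the flaw described above, next to one possible server-side check, added here as an illustration: it is not FreeScout code and not the 1.8.215 patch. The function names, the base64 stand-in for ID encryption, the sample rows and the "attachment must belong to the draft thread being saved" rule are all assumptions.

```php
<?php
// Constructed sample data: attachment id => owning thread and file name.
$attachments = [
    10 => ['thread_id' => 1, 'file' => 'invoice.pdf'], // original message in the conversation
    11 => ['thread_id' => 7, 'file' => 'notes.txt'],   // upload on the draft being edited
];

// Stand-in for server-side ID encryption (hypothetical helpers). A valid token only
// shows that the server issued it, not that this request may delete the row.
function encode_id(int $id): string { return base64_encode((string) $id); }
function decode_id(string $token): int { return (int) base64_decode($token); }

// Vulnerable shape: every submitted token that is not retained is decoded and
// handed to deletion with no ownership check.
function ids_to_delete_unchecked(array $all, array $retained): array
{
    return array_map('decode_id', array_values(array_diff($all, $retained)));
}

// Hardened shape (assumed rule): after the same diff, keep only IDs whose row
// belongs to the draft thread this request is saving.
function ids_to_delete_checked(array $all, array $retained, int $draftThreadId, array $attachments): array
{
    $candidates = ids_to_delete_unchecked($all, $retained);
    return array_values(array_filter(
        $candidates,
        function (int $id) use ($attachments, $draftThreadId) {
            return isset($attachments[$id])
                && $attachments[$id]['thread_id'] === $draftThreadId;
        }
    ));
}

// Constructed regression input: a save-draft request for thread 7 that lists both
// tokens as "all" and none as retained.
$all = [encode_id(10), encode_id(11)];
$retained = [];

echo "unchecked: ", implode(',', ids_to_delete_unchecked($all, $retained)), PHP_EOL;
echo "checked:   ", implode(',', ids_to_delete_checked($all, $retained, 7, $attachments)), PHP_EOL;
```

The unchecked path selects the attachment on the original message for deletion as well as the draft's own upload; the checked path selects only the draft's upload. A regression test for the upgrade can assert the same separation against a real conversation.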

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2026-41192

Affected Products

Freescout