CVE-2026-41903

Name of the Vulnerable Software and Affected Versions FreeScout versions prior to 1.8.217

Description A user with the PERM EDIT USERS permission can read and modify the notification subscriptions of any other user, including administrators, by sending a single POST request. This allows a non-admin attacker to silently disable email, browser, or mobile notifications for an administrator, which can suppress security alerts and conversation-assignment notices.

Recommendations Update to version 1.8.217.