PT-2026-38551 · Freescout · Freescout

Shukla304 · Published 2026-05-07 · Updated 2026-05-08 · CVE-2026-41906

CVSS v3.1: 7.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Name of the Vulnerable Software and Affected Versions

FreeScout versions prior to 1.8.214

Description

The backend "change customer" action for conversations fails to properly validate the customer email variable. The Change Customer modal filters out-of-scope customers via the mailbox-filtered search endpoint, but the backend action does not apply the same restriction, so a low-privileged agent can forge a request that binds a visible conversation to a hidden customer in another mailbox.

Recommendations

Update to version 1.8.214.

Exploit

Fix

IDOR


Weakness Enumeration

Related Identifiers

CVE-2026-41906

Affected Products

Freescout