Description

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, attachment download tokens are generated using a weak and predictable formula: `md5(APP_KEY + attachment_id + size)`. Since attachment_id is sequential and size can be brute-forced in a small range, an unauthenticated attacker can forge valid tokens and download any private attachment without credentials. Version 1.8.213 fixes the issue.

INFO

Published Date :

2026-04-21T01:38:50.117Z

Last Modified :

2026-04-21T13:50:39.454Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-40496 vulnerability.

Vendors Products
Freescout Helpdesk
  • Freescout
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-40496.

URL Resource
https://github.com/freescout-help-desk/freescout/commit/dbdf8f2260b43a21818255c70f0b61b9de9cd555 cve-icon cve-icon
https://github.com/freescout-help-desk/freescout/releases/tag/1.8.213 cve-icon cve-icon
https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-2783-wxmm-wmwr cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability