Description

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, customer-thread editing is authorized through `ThreadPolicy::edit()`, which checks mailbox access but does not apply the assigned-only restriction from `ConversationPolicy`. A user who cannot view a conversation can still load and edit customer-authored threads inside it. Version 1.8.215 fixes the vulnerability.

INFO

Published Date :

2026-04-21T17:04:07.469Z

Last Modified :

2026-04-21T17:37:13.107Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-41189 vulnerability.

Vendors Products
Freescout Helpdesk
  • Freescout
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-41189.

URL Resource
https://github.com/freescout-help-desk/freescout/commit/cdadaf621bb1e1d017315df20d743671f7eae7a9 cve-icon cve-icon
https://github.com/freescout-help-desk/freescout/releases/tag/1.8.215 cve-icon cve-icon
https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-4h5p-7f5c-q7gj cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact