Description

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, when `APP_SHOW_ONLY_ASSIGNED_CONVERSATIONS` is enabled, direct conversation view correctly blocks users who are neither the assignee nor the creator. The `save_draft` AJAX path is weaker. A direct POST can create a draft inside a conversation that is hidden in the UI. Version 1.8.215 fixes the vulnerability.

INFO

Published Date :

2026-04-21T17:06:31.785Z

Last Modified :

2026-04-21T17:48:06.353Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-41190 vulnerability.

Vendors Products
Freescout Helpdesk
  • Freescout
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-41190.

URL Resource
https://github.com/freescout-help-desk/freescout/commit/414878eb79be7cb01a3ae124df6efcd23729275f cve-icon cve-icon
https://github.com/freescout-help-desk/freescout/releases/tag/1.8.215 cve-icon cve-icon
https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-vj2p-2789-3747 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact