Description

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, `MailboxesController::updateSave()` persists `chat_start_new` outside the allowed-field filter. A user with only the mailbox `sig` permission sees only the signature field in the UI, but can still change the hidden mailbox-wide chat setting via direct POST. Version 1.8.215 fixes the vulnerability.

INFO

Published Date :

2026-04-21T17:09:26.481Z

Last Modified :

2026-04-21T19:07:38.705Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-41191 vulnerability.

Vendors Products
Freescout Helpdesk
  • Freescout
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-41191.

URL Resource
https://github.com/freescout-help-desk/freescout/commit/fb130de64e1c830d85dd6988eaa08d725a7be954 cve-icon cve-icon
https://github.com/freescout-help-desk/freescout/releases/tag/1.8.215 cve-icon cve-icon
https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-wpv9-c2gv-2j82 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact