Description

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, FreeScout's module installation feature extracts ZIP archives without validating file paths, allowing an authenticated admin to write files arbitrarily on the server filesystem via a specially crafted ZIP. Version 1.8.215 fixes the vulnerability.

INFO

Published Date :

2026-04-21T17:15:26.236Z

Last Modified :

2026-04-21T20:36:59.036Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-41193 vulnerability.

Vendors Products
Freescout Helpdesk
  • Freescout
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-41193.

URL Resource
https://github.com/freescout-help-desk/freescout/commit/14f17a5cd22d217103a72b431b47b1f06996227b cve-icon cve-icon
https://github.com/freescout-help-desk/freescout/releases/tag/1.8.215 cve-icon cve-icon
https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-r85m-5mc9-cc9w cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact