


Perceptive Security
SOC/SIEM Consultancy

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, FreeScout's module installation feature extracts ZIP archives without va…
Published: 20 April 2026 at 22:00:00
Alert date: 21 April 2026 at 19:02:06
Source: nvd.nist.gov
Web Technologies, Enterprise Applications
FreeScout, a free self-hosted help desk and shared mailbox application, contains a path traversal vulnerability in its module installation feature. Prior to version 1.8.215, the application extracts ZIP archives without validating the file paths of the archive entries, so an authenticated administrator can write files to arbitrary locations on the server filesystem by installing a specially crafted ZIP file. This arbitrary file write could lead to remote code execution or system compromise. The issue has been addressed in version 1.8.215, which validates paths during ZIP extraction.
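The path validation described above can be illustrated with a small pre-extraction audit. This is an added example, not FreeScout's code (the project's actual fix is in the commit linked below); the function names, the virtual root `/extract` and the sample archive are assumptions constructed for illustration.

```python
import io
import posixpath
import re
import zipfile

ROOT = "/extract"  # assumed virtual extraction root, used only for path arithmetic


def escapes_root(entry_name: str) -> bool:
    """True if a ZIP entry name would resolve outside the extraction root."""
    name = entry_name.replace("\\", "/")  # treat Windows separators as separators
    if name.startswith("/") or re.match(r"^[A-Za-z]:", name):
        return True  # absolute or drive-qualified path
    # Resolve "." and ".." segments, then require the result to stay under ROOT.
    target = posixpath.normpath(posixpath.join(ROOT, name))
    return not (target == ROOT or target.startswith(ROOT + "/"))


def audit_zip(data: bytes) -> list[str]:
    """Return the entry names that must be rejected before extraction."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [i.filename for i in zf.infolist() if escapes_root(i.filename)]


def build_sample(names: list[str]) -> bytes:
    """Construct an in-memory ZIP with the given entry names (sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed sample")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample([
        "Demo/module.json",         # stays inside the root
        "Demo/../Demo/readme.txt",  # contains "..", but resolves inside
        "../outside.txt",           # climbs out of the root
        "Demo/../../outside2.txt",  # climbs out after descending
        "/abs.txt",                 # absolute path
    ])
    for bad in audit_zip(sample):
        print("reject:", bad)
```

An archive should be refused as a whole if `audit_zip` returns any entry, rather than extracted with the offending entries skipped.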
Technical details
Affected products: FreeScout
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-41193
https://github.com/freescout-help-desk/freescout/commit/14f17a5cd22d217103a72b431b47b1f06996227b
https://github.com/freescout-help-desk/freescout/releases/tag/1.8.215
https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-r85m-5mc9-cc9w
This article was created with the assistance of AI technology by Perceptive.
