CVE-2026-40567

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

5.8 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N                                    

Vulnerability Description

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can inject arbitrary HTML into outgoing emails generated by FreeScout by sending an email with a crafted From display name. The name is stored in the database without sanitization and rendered unescaped into outgoing reply emails via the `{%customer.fullName%}` signature variable. This allows embedding phishing links, tracking pixels, and spoofed content inside legitimate support emails sent from the organization's address. Version 1.8.213 fixes the issue.

Vulnerability Details

Published Date

April 21, 2026

Last Modified

April 22, 2026

CWE ID

CWE-116

Source

NVD

Vendor

freescout-help-desk

Product

freescout

External References

https://github.com/freescout-help-desk/freescout/commit/9131b16f80eade81002cb9809a2603f6b61981cf
https://github.com/freescout-help-desk/freescout/releases/tag/1.8.213
https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-q8v4-v62h-5528

CVE-2026-40567

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment