CVE-2026-40567 in freescout정보

요약

\~에 의해 MITRE • 2026. 04. 21.

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can inject arbitrary HTML into outgoing emails generated by FreeScout by sending an email with a crafted From display name. The name is stored in the database without sanitization and rendered unescaped into outgoing reply emails via the `{%customer.fullName%}` signature variable. This allows embedding phishing links, tracking pixels, and spoofed content inside legitimate support emails sent from the organization's address. Version 1.8.213 fixes the issue.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

책임이 있는

GitHub M

예약하다

2026. 04. 14.

공개

2026. 04. 21.

모더레이션

수락

항목

VDB-358524

CPE

준비됨

CWE

CWE-80 (확인됨)

CVSS

5.8 (CNA)

EPSS

0.00066

KEV

아니요

활동

매우 낮음

출처

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-40567
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-40567
CVE Details	https://www.cvedetails.com/cve/CVE-2026-40567/

◂ 이전 개요 다음 ▸

Interested in the pricing of exploits?

See the underground prices here!