CVE-2026-40567 in freescoutИнформация

Сводка

по MITRE • 21.04.2026

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can inject arbitrary HTML into outgoing emails generated by FreeScout by sending an email with a crafted From display name. The name is stored in the database without sanitization and rendered unescaped into outgoing reply emails via the `{%customer.fullName%}` signature variable. This allows embedding phishing links, tracking pixels, and spoofed content inside legitimate support emails sent from the organization's address. Version 1.8.213 fixes the issue.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Ответственный

GitHub M

Резервировать

14.04.2026

Раскрытие

21.04.2026

Модерация

принято

Вход

VDB-358524

CPE

готов

CWE

CWE-80 (Подтверждённый)

CVSS

5.8 (CNA)

EPSS

0.00066

KEV

Нет

Деятельности

Очень низкий

Источники

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-40567
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-40567
CVE Details	https://www.cvedetails.com/cve/CVE-2026-40567/

◂ Предыдущий Обзор Далее ▸

Interested in the pricing of exploits?

See the underground prices here!