Vulnerability Description
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's file upload restriction list in `app/Misc/Helper.php` does not include `.htaccess` or `.user.ini` files. On Apache servers with `AllowOverride All` (a common configuration), an authenticated user can upload a `.htaccess` file to redefine how files are processed, enabling Remote Code Execution. This vulnerability can be exploited on its own or in combination with CVE-2026-27637. Version 1.8.206 fixes both vulnerabilities.
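A post-upgrade audit for the two file names this advisory calls out, as an added example that is not FreeScout's code: it walks a directory tree you choose and reports every `.htaccess` or `.user.ini` it finds, along with any handler-related directives inside. The directive list, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import sys

# Per-directory override files named in the advisory.
OVERRIDE_NAMES = {".htaccess", ".user.ini"}

# Assumed triage list: directives that change how files in a directory are
# handled. Extend it for your environment.
HANDLER_RE = re.compile(
    r"^\s*(SetHandler|AddHandler|AddType|php_value|php_flag|"
    r"auto_prepend_file|auto_append_file)\b",
    re.IGNORECASE | re.MULTILINE,
)


def find_override_files(root):
    """Return sorted (relative_path, directive_names) for override files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() not in OVERRIDE_NAMES:
                continue
            full = os.path.join(dirpath, name)
            with open(full, "r", errors="replace") as fh:
                text = fh.read(65536)  # override files are small; cap the read
            hits = sorted({m.group(1).lower() for m in HANDLER_RE.finditer(text)})
            findings.append((os.path.relpath(full, root), hits))
    return sorted(findings)


def build_sample_tree(root):
    """Write a constructed sample tree (not real FreeScout paths) for a dry run."""
    samples = {
        os.path.join("uploads", "1", ".htaccess"): "Options -Indexes\nAddType text/plain .log\n",
        os.path.join("uploads", "2", ".user.ini"): "display_errors = Off\n",
        os.path.join("uploads", "2", "report.pdf"): "constructed placeholder\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)


if __name__ == "__main__":
    # Usage: python audit_overrides.py /path/to/upload/storage
    for rel, hits in find_override_files(sys.argv[1]):
        print(f"{rel}\t{','.join(hits) or 'no handler directives'}")
```

Any hit inside a user-writable upload directory deserves review, since the application itself has no reason to store these files among attachments; compare the file's timestamp with the upgrade to 1.8.206.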
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Freescout | Freescout | < 1.8.206 |
Related Weaknesses (CWE)
References
- https://github.com/freescout-help-desk/freescout/commit/9984071e6f1b4e633fdcffce (Patch)
- https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-6gcm-v (Not Applicable)
- https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-mw88-x (Exploit, Vendor Advisory)
FAQ
What is CVE-2026-27636?
CVE-2026-27636 is a vulnerability with a CVSS score of 8.8 (HIGH). FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's file upload restriction list in `app/Misc/Helper.php` does not include `.htacce...
How severe is CVE-2026-27636?
CVE-2026-27636 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-27636?
Check the references section above for vendor advisories and patch information. Affected products include: Freescout Freescout.