Vulnerability Description
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned-only restriction is applied to direct conversation view and folder queries, but not to non-folder query builders. Global search and the AJAX filter path still reveal conversations that should be hidden. Version 1.8.215 fixes the vulnerability.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://github.com/freescout-help-desk/freescout/commit/6583d6f5a593b51223904f9e
- https://github.com/freescout-help-desk/freescout/releases/tag/1.8.215
- https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-7rh8-9
- https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-7rh8-9
FAQ
What is CVE-2026-41183?
CVE-2026-41183 is a vulnerability with a CVSS score of 4.3 (MEDIUM). FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned-only restriction is applied to direct conversation view and folder queries, but not to non-folder q...
How severe is CVE-2026-41183?
CVE-2026-41183 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-41183?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.