
[CIVN-2026-0127] Remote Code Execution Vulnerability in FreeScout helpdesk platform
Remote Code Execution Vulnerability in FreeScout helpdesk platform
Indian Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: CRITICAL
Software Affected
FreeScout versions prior to 1.8.207
Overview
A critical vulnerability has been reported in FreeScout, which may allow an authenticated attacker to execute arbitrary code on the targeted vulnerable server.
Target Audience:
Administrators and users of systems running affected versions of FreeScout.
Risk Assessment:
High risk of arbitrary code execution, privilege escalation, and persistence.
Impact Assessment:
Potential for full system takeover, sensitive information disclosure, lateral movement and disruption of services.
Description
FreeScout is a lightweight, private alternative to Zendesk or Help Scout. It is a free, open-source, self-hosted help desk and shared mailbox solution.
The vulnerability exists due to a Time-of-Check to Time-of-Use (TOCTOU) flaw in the sanitizeUploadedFileName() function located in app/Http/Helper.php. The flaw occurs because the application checks whether a filename starts with a dot before removing invisible characters during sanitization. An attacker can exploit this behaviour by uploading a malicious .htaccess file prefixed with a zero-width space character, allowing the file to bypass the security check on the targeted server.
Successful exploitation could allow an authenticated attacker to execute arbitrary code on the targeted vulnerable server.
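The sanitisation ordering flaw described above, modelled as an added example that is not FreeScout's code (the real sanitizeUploadedFileName() is PHP; this Python reimplementation only shows the check-then-strip order beside its corrected strip-then-check form, plus a helper an administrator could run over existing upload names). The zero-width-space sample filename is constructed here.

```python
import unicodedata
from typing import Optional

# Constructed sample: a dotfile name prefixed with ZERO WIDTH SPACE (U+200B),
# the pattern the advisory describes. Not a captured upload.
SAMPLE_DOTFILE = "\u200b.htaccess"


def strip_invisible(name: str) -> str:
    """Drop Unicode format characters (category Cf, which covers zero-width
    spaces and joiners) and ASCII control characters from a filename."""
    return "".join(
        ch for ch in name
        if unicodedata.category(ch) != "Cf" and ord(ch) >= 0x20
    )


def sanitize_vulnerable(name: str) -> Optional[str]:
    """Flawed order: the leading-dot check runs on the raw name, and the
    invisible characters are stripped afterwards. A name that starts with
    an invisible character passes the check, then becomes a dotfile."""
    if name.startswith("."):
        return None  # rejected
    return strip_invisible(name)


def sanitize_fixed(name: str) -> Optional[str]:
    """Corrected order: normalise first, decide second. The dot check is
    applied to the exact string that would be written to disk."""
    cleaned = strip_invisible(name)
    if cleaned == "" or cleaned.startswith("."):
        return None
    return cleaned


def is_disguised_dotfile(name: str) -> bool:
    """Defender-side check for names already on disk or in upload logs:
    True when the raw name is not a dotfile but its normalised form is."""
    return not name.startswith(".") and strip_invisible(name).startswith(".")


if __name__ == "__main__":
    print(repr(sanitize_vulnerable(SAMPLE_DOTFILE)))  # '.htaccess' slips through
    print(repr(sanitize_fixed(SAMPLE_DOTFILE)))       # None: rejected
    print(is_disguised_dotfile(SAMPLE_DOTFILE))       # True
```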
Solution
https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-5gpc-65p8-ffwp
Vendor Information
FreeScout
https://freescout.net/
References
https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-5gpc-65p8-ffwp
https://www.bleepingcomputer.com/news/security/mail2shell-zero-click-attack-lets-hackers-hijack-freescout-mail-servers/
CVE Name
CVE-2026-28289
--
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


