CVE-2026-40567

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can inject arbitrary HTML into outgoing emails generated by FreeScout by sending an email with a crafted From display name. The name is stored in the database without sanitization and rendered unescaped into outgoing reply emails via the `{%customer.fullName%}` signature variable. This allows embedding phishing links, tracking pixels, and spoofed content inside legitimate support emails sent from the organization's address. Version 1.8.213 fixes the issue.

CVSS v3 5.8 MEDIUM

5.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/freescout-help-desk/freescout/commit/9131b16f80eade81002cb9809a2603f6b61981cf
https://github.com/freescout-help-desk/freescout/releases/tag/1.8.213
https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-q8v4-v62h-5528
https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-q8v4-v62h-5528

Configurations

No configuration.

History

21 Apr 2026, 20:16

Type	Values Removed	Values Added
References	~~() https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-q8v4-v62h-5528 -~~	() https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-q8v4-v62h-5528 -

21 Apr 2026, 17:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-04-21 17:16

Updated : 2026-04-22 21:10

NVD link : CVE-2026-40567

Mitre link : CVE-2026-40567

CVE.ORG link : CVE-2026-40567

JSON object : View

Products Affected

No product.

CWE

CWE-116

Improper Encoding or Escaping of Output

5.8 /10