FreeScout Vulnerability Allows Silent Email Exfiltration and Hijacking

The National Vulnerability Database has detailed a critical mass assignment flaw in FreeScout, a self-hosted help desk solution, tracked as CVE-2026-40569. Versions prior to 1.8.213 are affected; the flaw resides in the mailbox connection settings endpoints. An authenticated administrator can exploit it by injecting hidden parameters into a connection save request. This lets them silently copy all outgoing email to an attacker-controlled address (via auto_bcc) or redirect outgoing mail through an attacker-controlled SMTP server (via out_server).

This flaw is particularly concerning because the injected parameters bypass the standard form validation and the change leaves no visible sign in the interface. An attacker could inject malicious content such as tracking pixels or phishing links into email signatures, or configure rogue auto-replies. The National Vulnerability Database highlights that in multi-admin environments, one administrator can conduct covert surveillance on mailboxes managed by others. Furthermore, if an admin session is compromised by other means, such as XSS, this vulnerability provides a persistent channel for data exfiltration that survives session expiry.

FreeScout operators should update to version 1.8.213 or later immediately. Organizations unable to patch promptly should thoroughly audit the mailbox connection and general mailbox settings for any unexpected configuration, particularly the auto_bcc and out_server parameters. Given the critical CVSS score of 9, this vulnerability warrants immediate attention.

What This Means For You

  • If your organization uses FreeScout, check your version immediately. If you are running a version prior to 1.8.213, patch to the latest release without delay. Audit all mailbox connection and general mailbox settings for any unauthorized or suspicious parameters, such as unexpected `auto_bcc` addresses or `out_server` configurations.
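The audit recommended above, as an added defender's check written for this summary (it is not FreeScout's code or part of the advisory): it walks an export of FreeScout mailbox settings and flags the values the vulnerability lets an attacker plant. The column names out_server, auto_bcc, signature, auto_reply_enabled and auto_reply_message, the allowlists, and the sample rows are assumptions for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample export, one dict per FreeScout mailbox. The column names
# (out_server, auto_bcc, signature, auto_reply_enabled, auto_reply_message) are
# assumed to match the advisory's settings; verify them against your own mailboxes table.
SAMPLE_MAILBOXES = [
    {"id": 1, "name": "Support", "out_server": "smtp.example.com", "auto_bcc": "",
     "signature": "<p>Support team</p>", "auto_reply_enabled": False,
     "auto_reply_message": ""},
    {"id": 2, "name": "Billing", "out_server": "smtp.example.com",
     "auto_bcc": "archive@attacker.example", "signature": "<p>Billing</p>",
     "auto_reply_enabled": False, "auto_reply_message": ""},
    {"id": 3, "name": "Sales", "out_server": "mail.attacker.example", "auto_bcc": "",
     "signature": '<p>Sales</p><img src="https://attacker.example/px.gif" width="1">',
     "auto_reply_enabled": True,
     "auto_reply_message": '<a href="https://attacker.example/login">verify</a>'},
]

IMG_RE = re.compile(r'<img\b[^>]*\bsrc\s*=\s*["\']([^"\']+)', re.I)
HREF_RE = re.compile(r'<a\b[^>]*\bhref\s*=\s*["\']([^"\']+)', re.I)

def foreign_hosts(html, allowed_domains):
    """Hostnames referenced by <img src> or <a href> that are not under allowed_domains."""
    hosts = set()
    for url in IMG_RE.findall(html) + HREF_RE.findall(html):
        host = (urlparse(url).hostname or "").lower()
        if host and not any(host == d or host.endswith("." + d) for d in allowed_domains):
            hosts.add(host)
    return sorted(hosts)

def audit_mailboxes(rows, allowed_smtp_hosts, allowed_domains):
    """Return (mailbox_id, check, detail) tuples for settings matching the advisory's abuse cases."""
    findings = []
    for m in rows:
        mid = m["id"]
        # Outgoing SMTP server repointed to a host that is not on the allowlist.
        if m.get("out_server") and m["out_server"].lower() not in allowed_smtp_hosts:
            findings.append((mid, "out_server", m["out_server"]))
        # Hidden auto_bcc copying every outgoing message to an address outside the org.
        for addr in re.split(r"[,;\s]+", m.get("auto_bcc") or ""):
            if addr and addr.rsplit("@", 1)[-1].lower() not in allowed_domains:
                findings.append((mid, "auto_bcc", addr))
        # Signature or auto-reply body referencing a foreign host (tracking pixel, phishing link).
        for host in foreign_hosts(m.get("signature") or "", allowed_domains):
            findings.append((mid, "signature_external_ref", host))
        if m.get("auto_reply_enabled"):
            for host in foreign_hosts(m.get("auto_reply_message") or "", allowed_domains):
                findings.append((mid, "auto_reply_external_ref", host))
    return findings
```

Run it against rows selected from your own database with your real SMTP hosts and mail domains in the allowlists; an empty result means none of the advisory's indicators were found.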

Related ATT&CK Techniques

T1190 (Initial Access), severity: critical

Detection Rules

Three detection rules were auto-generated for this incident and mapped to MITRE ATT&CK; the one shown in preview, as a Sigma rule:

FreeScout Mass Assignment Vulnerability - Auto BCC Exfiltration - CVE-2026-40569

Indicators of Compromise

ID: CVE-2026-40569
Type: Vulnerability
Indicator: CVE-2026-40569

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: April 21, 2026 at 20:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
