Freescout Security Vulnerabilities (CVEs)
Track 22 security vulnerabilities affecting Freescout products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This CVE describes a patch bypass vulnerability in FreeScout help desk software that allows authenticated users with file upload permissions to achiev...
Mar 3, 2026
FreeScout's authentication system uses a predictable, static token that never expires. If an attacker obtains the Laravel APP_KEY (commonly exposed), ...
Feb 25, 2026
This vulnerability allows authenticated users to upload .htaccess or .user.ini files to FreeScout help desk systems, enabling remote code execution on...
Feb 25, 2026
CVE-2025-58163 is a remote code execution vulnerability in FreeScout help desk software where authenticated attackers with knowledge of the applicatio...
Sep 3, 2025
CVE-2025-54366 is a critical deserialization vulnerability in FreeScout help desk software that allows authenticated attackers with knowledge of the A...
Jul 26, 2025
FreeScout versions before 1.8.181 contain a race condition vulnerability when administrators delete users. This could allow attackers to cause unexpec...
May 30, 2025
FreeScout versions before 1.8.180 contain a cross-site scripting (XSS) vulnerability in the Session::flash and __ functions due to insufficient input ...
May 30, 2025
CVE-2025-48488 is a Cross-Site Scripting vulnerability in FreeScout help desk software where deleting the .htaccess file allows attackers to upload ma...
May 30, 2025
FreeScout versions before 1.8.180 are vulnerable to stored XSS attacks through mail signature sanitization. Attackers can inject malicious HTML/JavaSc...
May 30, 2025
FreeScout versions before 1.8.180 have a mass assignment vulnerability during user creation that allows attackers to manipulate all fields in the User...
May 30, 2025
This vulnerability allows attackers with unactivated email invitations to self-activate blocked or deleted accounts in FreeScout help desk software. A...
May 30, 2025
FreeScout versions before 1.8.180 have a mass-assignment vulnerability in user record editing that allows authenticated users with edit permissions to...
May 30, 2025
CVE-2025-48475 is an authorization bypass vulnerability in FreeScout help desk software where authenticated users without mailbox or conversation acce...
May 29, 2025
This vulnerability in FreeScout allows authenticated users to view messages from conversations they shouldn't have access to when creating new convers...
May 29, 2025
FreeScout help desk software versions before 1.8.180 contain an access control vulnerability where users with 'show_only_assigned_conversations' enabl...
May 29, 2025
FreeScout versions before 1.8.178 contain a code injection vulnerability in the php_path parameter. Administrators can exploit this to execute arbitra...
May 29, 2025
FreeScout versions before 1.8.179 have an unrestricted file upload vulnerability that allows attackers to upload malicious PHP files (.phtml, .phar ex...
May 29, 2025
FreeScout help desk software prior to version 1.8.178 has an input validation vulnerability where special characters like carriage returns, newlines, ...
May 29, 2025
A stored HTML injection vulnerability in FreeScout's email reception module allows unauthenticated attackers to inject malicious HTML content into ema...
May 14, 2024
A stored cross-site scripting (XSS) vulnerability in FreeScout's signature input field allows support agents to inject malicious JavaScript that execu...
Mar 22, 2024
FreeScout versions before 1.8.128 contain an OS command injection vulnerability in the tools.php file that allows authenticated attackers with the App...
Mar 22, 2024
This vulnerability in FreeScout exposes SMTP server credentials to authenticated users through stack traces stored in the database and accessible via ...
Mar 12, 2024
Why Monitor Freescout Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 22+ known vulnerabilities affecting Freescout products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Freescout packages in under 60 seconds. No agents required - completely agentless scanning that works across Freescout deployments.
Free vulnerability database: Access detailed information about every Freescout CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Freescout CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions