CVE-2026-40569
FreeScout · FreeScout
FreeScout versions prior to 1.8.213 contain a mass assignment vulnerability in mailbox connection settings, allowing authenticated admins to overwrite sensitive configuration fields.
Executive summary
A mass assignment vulnerability in FreeScout allows an authenticated administrator to perform unauthorized mailbox modifications, leading to persistent email exfiltration and account compromise.
Vulnerability
The application fails to implement field allowlisting in connectionIncomingSave() and connectionOutgoingSave() methods, enabling an authenticated admin user to inject unauthorized parameters into the Mailbox model.
Business impact
Successful exploitation allows an attacker to silently enable BCC forwarding, redirect SMTP traffic, or inject phishing content into email signatures. Given the CVSS score of 9.0, this vulnerability poses a severe risk of data exfiltration and loss of communication integrity, potentially leading to regulatory non-compliance and significant reputational damage.
Remediation
Immediate Action: Upgrade the FreeScout installation to version 1.8.213 or later, which enforces proper parameter validation on the mailbox connection settings endpoints.
Proactive Monitoring: Review application logs for unusual administrative activity and monitor outbound mail server configurations for unexpected BCC addresses or SMTP relay changes.
Compensating Controls: Implement strict administrative access controls and utilize a Web Application Firewall (WAF) to inspect POST requests for unexpected parameters in the mailbox settings endpoints.
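The allowlisting gap described under "Vulnerability" and the request inspection suggested under "Compensating Controls" come down to the same check: compare the submitted parameter names against the set of fields the form is allowed to change. The PHP below is an added illustration written for this page, not FreeScout's own code; it uses plain arrays rather than Laravel's Eloquent model so that it runs stand-alone, and the field names (`in_server`, `auto_bcc`, `signature`, and so on) are constructed placeholders rather than the project's real column names. It shows the unfiltered fill beside the allowlisted fill, and a small function that returns the unexpected parameters a log rule or WAF could alert on.

```php
<?php
// Added example, not FreeScout code. Field names are constructed placeholders.
declare(strict_types=1);

// Fields an admin may legitimately change through the incoming / outgoing
// connection forms (assumed names). Anything outside these lists is dropped.
const INCOMING_FIELDS = ['in_server', 'in_port', 'in_username', 'in_password', 'in_protocol', 'in_encryption'];
const OUTGOING_FIELDS = ['out_method', 'out_server', 'out_port', 'out_username', 'out_password', 'out_encryption'];

/** Vulnerable pattern: every submitted key is copied onto the model, whatever its name. */
function fillUnfiltered(array $model, array $request): array
{
    return array_merge($model, $request);
}

/** Hardened pattern: only allowlisted keys are copied; all other keys are discarded. */
function fillAllowlisted(array $model, array $request, array $allowed): array
{
    $safe = array_intersect_key($request, array_flip($allowed));
    return array_merge($model, $safe);
}

/** Detection: return the submitted parameter names that are not on the allowlist. */
function unexpectedParams(array $request, array $allowed): array
{
    return array_values(array_diff(array_keys($request), $allowed));
}

// Constructed sample POST body: legitimate IMAP settings plus two keys the
// connection form should never accept.
$request = [
    'in_server'   => 'imap.example.test',
    'in_port'     => '993',
    'in_username' => 'support@example.test',
    'auto_bcc'    => 'unexpected@example.test',   // constructed unexpected key
    'signature'   => 'constructed signature text', // constructed unexpected key
];

// Constructed current state of the mailbox record.
$model = ['id' => 1, 'auto_bcc' => '', 'signature' => 'Regards, Support'];

$before = fillUnfiltered($model, $request);
$after  = fillAllowlisted($model, $request, INCOMING_FIELDS);

// The unfiltered fill silently overwrites fields outside the form's scope;
// the allowlisted fill leaves them untouched.
assert($before['auto_bcc'] === 'unexpected@example.test');
assert($after['auto_bcc'] === '');
assert($after['in_server'] === 'imap.example.test');

// Same allowlist reused as a monitoring rule: log any off-list parameter names.
$flagged = unexpectedParams($request, INCOMING_FIELDS);
if ($flagged !== []) {
    error_log(sprintf('mailbox connection POST carried unexpected params: %s', implode(',', $flagged)));
}
```

In a Laravel application the equivalent of `fillAllowlisted()` is either `$request->only([...])` in the controller before the save, or an explicit `$fillable` (or `$guarded`) list on the Eloquent model so that `fill()` ignores keys outside it; the `unexpectedParams()` check maps directly onto a WAF or middleware rule that compares POST parameter names on the mailbox settings endpoints against the expected set and writes an audit log entry for anything else.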
Exploitation status
Public Exploit Available: Not specified.
Analyst recommendation
This vulnerability represents a critical security oversight in the application's configuration management. Administrators should prioritize updating to version 1.8.213 immediately to close the mass assignment vector, as the silent nature of the injection makes detection difficult without proactive audit logging.