CVE-2026-27636

EUVD-2026-8612

25.02.2026, 04:16

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's file upload restriction list in `app/Misc/Helper.php` does not include `.htaccess` or `.user.ini` files. On Apache servers with `AllowOverride All` (a common configuration), an authenticated user can upload a `.htaccess` file to redefine how files are processed, enabling Remote Code Execution. This vulnerability can be exploited on its own or in combination with CVE-2026-27637. Version 1.8.206 fixes both vulnerabilities.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
freescout	freescout	𝑥 < 1.8.206

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-434 - Unrestricted Upload of File with Dangerous Type
The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

Vulnerability Media Exposure

[ENGLISH] Zero-Click FreeScout Bug Enables Remote Code Execution
Ox Security warns that Mail2Shell could enable threat actors to hijack FreeScout systems without user interaction
Published: 2026-03-05T11:00:00+00:00

References

https://github.com/freescout-help-desk/freescout/commit/9984071e6f1b4e633fdcffcea82bbebc9c1e009c

https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-6gcm-v8xf-j9v9

https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-mw88-x7j3-74vc

https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-6gcm-v8xf-j9v9

https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-mw88-x7j3-74vc