CVE-2026-41193
FreeScout has Zip Slip path traversal in module installation that allows arbitrary file write leading to RCE
In short
FreeScout's module installer doesn't check whether file paths inside a ZIP archive escape the intended module folder, letting admin users write files anywhere on the server and potentially execute malicious code.
Technical detail
CWE-22 path traversal in ZIP extraction during module installation allows authenticated administrators to write arbitrary files to the filesystem via crafted archive entries, enabling remote code execution. The vulnerability exists due to insufficient validation of extracted file paths before writing to disk.
Summary generated and translated by AI from the official description.
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, FreeScout's module installation feature extracts ZIP archives without validating file paths, allowing an authenticated admin to write files arbitrarily on the server filesystem via a specially crafted ZIP. Version 1.8.215 fixes the vulnerability.
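The missing check, shown as an added example that is not FreeScout's own (PHP) code: this Python routine audits a module ZIP before extraction and rejects any entry that would resolve outside the destination directory, including '..' escapes, absolute paths, backslash-separated names and symlink entries. It assumes the destination is an absolute POSIX path; the archive contents are constructed inline.

```python
import io
import posixpath
import stat
import zipfile


def traversal_entries(zip_bytes: bytes, dest: str) -> list:
    """Return archive entries that would land outside `dest` on extraction.

    Flags absolute paths, Windows drive letters, '..' escapes (after mapping
    backslashes to '/') and symlink entries, which are another way out.
    `dest` is assumed to be an absolute POSIX path.
    """
    root = posixpath.normpath(dest)
    bad = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename.replace("\\", "/")
            is_link = stat.S_ISLNK(info.external_attr >> 16)
            is_abs = name.startswith("/") or (len(name) > 1 and name[1] == ":")
            target = posixpath.normpath(posixpath.join(root, name))
            inside = target == root or target.startswith(root + "/")
            if is_link or is_abs or not inside:
                bad.append(info.filename)
    return bad


def safe_extract(zip_bytes: bytes, dest: str) -> list:
    """Refuse the whole archive if any entry escapes; otherwise extract it."""
    bad = traversal_entries(zip_bytes, dest)
    if bad:
        raise ValueError(f"refusing archive, entries escape {dest}: {bad}")
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        zf.extractall(dest)
        return zf.namelist()


def build_sample(entries: dict) -> bytes:
    """Build a constructed in-memory archive for the checks below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample: one well-formed module entry plus one entry that
# climbs out of the Modules directory via '..' (hypothetical names).
SAMPLE_MODULE = build_sample({
    "Demo/Module.json": b"{}",
    "../../storage/escaped.txt": b"landed outside the module directory",
})

if __name__ == "__main__":
    print(traversal_entries(SAMPLE_MODULE, "/var/www/Modules"))
    # -> ['../../storage/escaped.txt']
```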
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected products
freescout-help-desk · freescout