{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40570", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-14T13:24:29.474Z", "datePublished": "2026-04-21T16:48:08.260Z", "dateUpdated": "2026-04-21T19:11:51.385Z"}, "containers": {"cna": {"title": "FreeScout's Missing Authorization in load_customer_info Allows Any Authenticated User to Access Full Customer PII", "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "lang": "en", "description": "CWE-639: Authorization Bypass Through User-Controlled Key", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-862", "lang": "en", "description": "CWE-862: Missing Authorization", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P", "version": "4.0"}}], "references": [{"name": "https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-w77q-wjfp-c822", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-w77q-wjfp-c822"}, {"name": "https://github.com/freescout-help-desk/freescout/commit/f35b4249c72d9bdac6ab1ea4e288f5894be34057", "tags": ["x_refsource_MISC"], "url": "https://github.com/freescout-help-desk/freescout/commit/f35b4249c72d9bdac6ab1ea4e288f5894be34057"}, {"name": "https://github.com/freescout-help-desk/freescout/releases/tag/1.8.213", "tags": ["x_refsource_MISC"], "url": "https://github.com/freescout-help-desk/freescout/releases/tag/1.8.213"}], "affected": [{"vendor": "freescout-help-desk", "product": "freescout", "versions": [{"version": "< 1.8.213", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-21T16:48:08.260Z"}, "descriptions": [{"lang": "en", "value": "FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the `load_customer_info` action in `POST /conversation/ajax` returns complete customer profile data to any authenticated user without verifying mailbox access. An attacker only needs a valid email address to retrieve all customer PII. Version 1.8.213 fixes the issue."}], "source": {"advisory": "GHSA-w77q-wjfp-c822", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-w77q-wjfp-c822", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-21T19:11:31.685464Z", "id": "CVE-2026-40570", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-21T19:11:51.385Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-40570", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-21T19:11:31.685464Z"}}}], "references": [{"url": "https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-w77q-wjfp-c822", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-21T19:11:48.223Z"}}], "cna": {"title": "FreeScout's Missing Authorization in load_customer_info Allows Any Authenticated User to Access Full Customer PII", "source": {"advisory": "GHSA-w77q-wjfp-c822", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "freescout-help-desk", "product": "freescout", "versions": [{"status": "affected", "version": "< 1.8.213"}]}], "references": [{"url": "https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-w77q-wjfp-c822", "name": "https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-w77q-wjfp-c822", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/freescout-help-desk/freescout/commit/f35b4249c72d9bdac6ab1ea4e288f5894be34057", "name": "https://github.com/freescout-help-desk/freescout/commit/f35b4249c72d9bdac6ab1ea4e288f5894be34057", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/freescout-help-desk/freescout/releases/tag/1.8.213", "name": "https://github.com/freescout-help-desk/freescout/releases/tag/1.8.213", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the `load_customer_info` action in `POST /conversation/ajax` returns complete customer profile data to any authenticated user without verifying mailbox access. An attacker only needs a valid email address to retrieve all customer PII. Version 1.8.213 fixes the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639: Authorization Bypass Through User-Controlled Key"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862: Missing Authorization"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-21T16:48:08.260Z"}}}, "cveMetadata": {"cveId": "CVE-2026-40570", "state": "PUBLISHED", "dateUpdated": "2026-04-21T19:11:51.385Z", "dateReserved": "2026-04-14T13:24:29.474Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-21T16:48:08.260Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the `load_customer_info` action in `POST /conversation/ajax` returns complete customer profile data to any authenticated user without verifying mailbox access. An attacker only needs a valid email address to retrieve all customer PII. Version 1.8.213 fixes the issue."}], "id": "CVE-2026-40570", "lastModified": "2026-04-22T21:10:14.290", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-21T17:16:55.593", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/freescout-help-desk/freescout/commit/f35b4249c72d9bdac6ab1ea4e288f5894be34057"}, {"source": "security-advisories@github.com", "url": "https://github.com/freescout-help-desk/freescout/releases/tag/1.8.213"}, {"source": "security-advisories@github.com", "url": "https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-w77q-wjfp-c822"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-w77q-wjfp-c822"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}, {"lang": "en", "value": "CWE-862"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.8.213)"}}], "enrichment": {"confidence": 98.0, "confidence_source": "matching", "scores": [{"score": 98.0, "source": "matching"}]}, "original": {"product": "freescout", "source": "cna", "vendor": "freescout-help-desk"}, "product": "freescout", "vendor": "freescout_helpdesk"}], "analysis": {"en": {"generated_at": "2026-04-21T22:38:09.773563+00:00", "value": {"mitigation_remediation": ["Upgrade to FreeScout version 1.8.213 or later to apply the vendor fix.", "If an upgrade cannot be performed immediately, limit access to the /conversation/ajax endpoint so that only privileged users with appropriate mailbox permissions can invoke load_customer_info.", "Enable logging and monitoring for requests to customer data endpoints to detect unauthorized access attempts.", "Review and restrict user accounts that have mailbox access flags to prevent accidental exposure of customer PII."], "summary": {"action": "Immediate Patch", "impact": "Unauthorized PII Disclosure"}, "threat_synthesis": {"affected_systems": "The flaw affects installations of FreeScout Help Desk version 1.8.212 and earlier. Users deploying the open\u2011source software before the 1.8.213 release are susceptible. The vendor's advisory lists the problem and specifies that upgrade to 1.8.213 or later resolves the issue.", "description_and_impact": "The vulnerability is due to a missing authorization check in the load_customer_info action of the /conversation/ajax endpoint. An authenticated user can supply any email address and retrieve the full customer profile, exposing personal identifying information. The weakness, categorized as CWE\u2011639 and CWE\u2011862, compromises confidentiality of customer data and can lead to privacy breaches or regulatory non\u2011compliance.", "risk_and_exploitability": "The CVSS base score of 5.7 indicates a moderate impact. The EPSS is not available, and the vulnerability is not listed in CISA's KEV catalog, suggesting that it is not actively exploited. Exploitation requires only an authenticated session, typically a normal user account, and knowledge of the target email address. An attacker could craft a POST request bearing the load_customer_info action and observe the returned PII, therefore the primary risk is confidential data compromise. Since no remote code execution or denial of service is implied, the immediate threat is data confidentiality loss."}}}}, "created": "2026-04-21T18:30:27.391702+00:00", "updated": "2026-04-21T22:45:16.056925+00:00", "vendors": ["freescout_helpdesk", "freescout_helpdesk$PRODUCT$freescout"]}