CVE-2026-40592 - FreeScout's cross-user undo reply allows mailbox peers to recall another agent's outbound reply
CVE ID :CVE-2026-40592 Published : April 21, 2026, 5:16 p.m. | 56 minutes ago Description :FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the undo-send route `GET /conversation/undo-reply/{thread_id}` checks only whether the current user can view the pa
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] 🔒 pear: Kinsmen TeleMiracle
- [CYBER] New GoGra malware for Linux uses Microsoft Graph API for comms
- [CYBER] Mirai Botnet Targets Flaw in Discontinued D-Link Routers
- [CYBER] France's 'Secure' ID agency probes breach as crooks claim 19M records
- [CYBER] Progress Software fixes sneaky WAF bypass vulnerability (CVE-2026-21876)
- [CYBER] Guidance on Certifications