What's Happening?
A critical vulnerability in FreeScout, an open-source help desk and shared mailbox solution, has been identified, allowing zero-click remote code execution (RCE) attacks. Tracked as CVE-2026-28289, this flaw is a patch bypass for a previously fixed high-severity RCE bug. The vulnerability involves a Time-of-Check to Time-of-Use (TOCTOU) issue in filename sanitization, allowing attackers to upload malicious files and execute commands remotely. The issue affects FreeScout installations running on Apache with AllowOverride All enabled.
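Because the brief names AllowOverride All as a precondition, the most direct defensive hardening is to stop Apache from honouring per-directory .htaccess files under the application and to refuse script execution in any directory that receives uploads. The following vhost fragment is an added illustration, not configuration taken from the advisory or shipped by the FreeScout project; the paths under /var/www/freescout, the storage directory name, and the front-controller rewrite (the generic rule a Laravel-style app normally carries in public/.htaccess) are assumptions and must be checked against the actual deployment.

```apache
# Added example, not FreeScout's own configuration. Paths are assumptions.

# Weak setting: .htaccess files are honoured everywhere under the document root,
# so any write into that tree can also rewrite Apache's behaviour.
<Directory "/var/www/freescout/public">
    AllowOverride All
    Require all granted
</Directory>

# Hardened: ignore .htaccess entirely and declare the directives the app needs
# here, in the vhost, where an uploaded file cannot alter them.
<Directory "/var/www/freescout/public">
    AllowOverride None
    Require all granted
    <IfModule mod_rewrite.c>
        # Front-controller rewrite (assumed to match what public/.htaccess provided)
        RewriteEngine On
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteRule ^ index.php [L]
    </IfModule>
</Directory>

# Upload/attachment storage (path assumed): serve static files only, never execute.
<Directory "/var/www/freescout/public/storage">
    AllowOverride None
    Options -ExecCGI -Includes
    # Refuse to serve anything with a PHP-like extension from this tree
    <FilesMatch "\.(php|phtml|phar)$">
        Require all denied
    </FilesMatch>
    # When PHP runs as mod_php, switch the engine off for this directory;
    # with PHP-FPM this directive is invalid, hence the guard.
    <IfModule mod_php.c>
        php_admin_flag engine off
    </IfModule>
</Directory>
```

After moving the directives into the vhost, run `apachectl configtest` and reload; any .htaccess that still exists under the document root is then inert. As a quick check for prior abuse of the AllowOverride All path, list .htaccess and script-extension files inside the attachment directories and compare them against what the installed release ships, since those directories should contain only user-supplied attachments.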
Why Is It Important?
This vulnerability poses a significant security risk, potentially allowing attackers to take full control of affected servers, exfiltrate sensitive data, and move laterally within networks. Organizations using FreeScout must address this vulnerability promptly to prevent data breaches and maintain operational integrity. The incident highlights the importance of robust security measures and timely patch management in open-source software to protect against evolving cyber threats.
What's Next?
FreeScout users are advised to update to version 1.8.207, which addresses the vulnerability. Organizations should review their security protocols and ensure that all software is up-to-date to mitigate similar risks. The cybersecurity community may see increased scrutiny on open-source solutions, prompting developers to enhance security practices and patch management processes.