Customer Visibility Flaw in FreeScout Help Desk Software by FreeScout
CVE-2026-39384

7.6HIGH

Key Information:

Vendor: Freescout-help-desk
Status: Freescout
Vendor: CVE Published:; 7 April 2026

🔔 Create Freescout-help-desk Vulnerability Alert

What is CVE-2026-39384?

FreeScout, a free help desk and shared inbox application built on the PHP Laravel framework, features a vulnerability that neglects the limit_user_customer_visibility parameter during the customer merging process. This oversight may lead to unintended visibility of customer data, compromising user privacy. The issue has been addressed and remedied in version 1.8.212.

Affected Version(s)

freescout < 1.8.212

References

https://github.com/freescout-help-desk/freescout/security...

x_refsource_CONFIRM

https://github.com/freescout-help-desk/freescout/commit/b...

x_refsource_MISC

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2026
Vulnerability Reserved
Apr 6, 2026

CVE-2026-39384 Data

JSON