Weak Token Generation Vulnerability in FreeScout Help Desk System
CVE-2026-40496

8.8 HIGH

Key Information:

Status
Vendor
CVE Published:
21 April 2026

What is CVE-2026-40496?

FreeScout, a self-hosted help desk solution, generates attachment download tokens insecurely in versions before 1.8.213: the token is derived predictably from a combination of the application key, the attachment ID and the attachment size. Because the token is a deterministic function of these inputs, an unauthenticated attacker can forge valid tokens and gain unauthorized access to confidential attachments. Version 1.8.213 fixes the issue by hardening the token generation process.
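As an added illustration, not FreeScout's own code, the following Python contrasts the pattern the advisory describes (a token that is a deterministic function of the app key and attachment metadata; the hash layout here is a hypothetical sketch, not the project's actual algorithm) with the defensive alternative of a per-attachment random token stored at upload time and checked in constant time:

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict


# Hypothetical sketch of the weak pattern (not FreeScout's actual code): the token is a
# deterministic function of one shared app key plus metadata that is low-entropy and
# easy to enumerate (sequential IDs, file sizes). The same inputs always yield the same
# token, every token's secrecy rests on that single key, and a leaked or weak key makes
# tokens for all attachments recomputable rather than just one.
def metadata_derived_token(app_key: str, attachment_id: int, size: int) -> str:
    return hashlib.sha256(f"{app_key}|{attachment_id}|{size}".encode()).hexdigest()


@dataclass
class Attachment:
    attachment_id: int
    size: int
    # 32 random bytes from the OS CSPRNG: unguessable and independent of any metadata
    download_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


class AttachmentStore:
    """Issues a fresh random token per attachment and verifies it in constant time."""

    def __init__(self) -> None:
        self._by_id: Dict[int, Attachment] = {}
        self._next_id = 1

    def add(self, size: int) -> Attachment:
        att = Attachment(self._next_id, size)
        self._by_id[att.attachment_id] = att
        self._next_id += 1
        return att

    def authorize_download(self, attachment_id: int, presented_token: str) -> bool:
        att = self._by_id.get(attachment_id)
        if att is None:
            return False
        # constant-time comparison so the check does not leak how many bytes matched
        return hmac.compare_digest(att.download_token, presented_token)
```

Two uploads with identical size receive different tokens under the hardened scheme, whereas the metadata-derived scheme returns the same token for the same inputs every time.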

Affected Version(s)

freescout < 1.8.213

CVSS V4

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Requirements:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
