Notification Subscription Vulnerability in FreeScout by FreeScout Help Desk
CVE-2026-41903

5.4MEDIUM

Key Information:

Vendor: Freescout-help-desk
Status: Freescout
Vendor: CVE Published:; 7 May 2026

🔔 Create Freescout-help-desk Vulnerability Alert

What is CVE-2026-41903?

FreeScout, a help desk software developed using the Laravel framework, contains a vulnerability that allows users with the 'PERM_EDIT_USERS' permission to gain unauthorized access to the notification subscriptions of other users, including administrators. By exploiting this flaw, an attacker can send a single POST request to modify or disable notifications for any user, effectively suppressing critical alerts. This security issue highlights the importance of robust permission management in applications. The vulnerability was addressed and patched in version 1.8.217 of FreeScout.

Affected Version(s)

freescout < 1.8.217

References

https://github.com/freescout-help-desk/freescout/security...

x_refsource_CONFIRM

https://github.com/freescout-help-desk/freescout/releases...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2026
Vulnerability Reserved
Apr 22, 2026

CVE-2026-41903 Data

JSON