Home / Vulnerability Intelligence / CVE-2026-41193

CVE-2026-41193 - Vulnerability Analysis

CriticalCVSS: 9.1

Last Updated: April 21, 2026

FreeScout - Path Traversal

Published: April 21, 2026Updated: April 21, 2026Remote Exploitable

Overview

FreeScout < 1.8.215 contains a path traversal caused by improper validation of file paths during ZIP archive extraction in the module installation feature, letting authenticated admins write arbitrary files on the server filesystem.

Severity & Score

Severity: Critical

CVSS Score: 9.1

EPSS Score: 0.0%(Probability of exploitation in next 30 days)

Impact

Authenticated admins can write arbitrary files on the server, potentially leading to full system compromise.

Mitigation

Upgrade to version 1.8.215 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Apr 21, 2026

🔴 CVE-2026-41193 - Critical (9.1) FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, FreeScout's module installation feature extracts ZIP archives without validating file paths, allowing an authenticated admin to write files arbitrarily on the ... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41193/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-41193
Severity: Critical
CVSS Score: 9.1
Type: path_traversal
Status: new
EPSS: 0.0%
Social Posts: 1

CWE

CWE-22

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS Score

0.0%Probability of exploitation in the next 30 days