CVE-2026-27636

Published: Feb 25, 2026Modified: Feb 26, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: security-advisories@github.com (Secondary)

Description

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's file upload restriction list in `app/Misc/Helper.php` does not include `.htaccess` or `.user.ini` files. On Apache servers with `AllowOverride All` (a common configuration), an authenticated user can upload a `.htaccess` file to redefine how files are processed, enabling Remote Code Execution. This vulnerability can be exploited on its own or in combination with CVE-2026-27637. Version 1.8.206 fixes both vulnerabilities.

Affected (1)

Products: Freescout: Freescout

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Freescout Freescout	Before 1.8.206

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (5)

https://github.com/freescout-help-desk/freescout/commit/9984071e6f1b4e633fdcffcea82bbebc9c1e009c

Source: security-advisories@github.com

Patch

https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-6gcm-v8xf-j9v9

Source: security-advisories@github.com

Not Applicable

https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-mw88-x7j3-74vc

Source: security-advisories@github.com

ExploitVendor Advisory

https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-6gcm-v8xf-j9v9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Not Applicable

https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-mw88-x7j3-74vc

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitVendor Advisory

Timeline

No history available yet.