CVE Vulnerability Details: CVE-2026-40496
PUBLISHED
Assigner: GitHub_M
Assigner Org ID: a0819718-46f1-4df5-94e2-005712e83aaa
Published At: 21 Apr, 2026 | 01:38
Updated At: 21 Apr, 2026 | 13:50
CVE Numbering Authority (CNA)
FreeScout has Predictable Attachment Token that Allows Unauthenticated Private File Download via Brute Force

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, attachment download tokens are generated using a weak and predictable formula: `md5(APP_KEY + attachment_id + size)`. Since attachment_id is sequential and size can be brute-forced in a small range, an unauthenticated attacker can forge valid tokens and download any private attachment without credentials. Version 1.8.213 fixes the issue.
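
The weak derivation described above next to one hardened alternative, as an added example (not FreeScout's code and not the 1.8.213 patch). The function names, the stored per-attachment token design and the sample values are assumptions.

```php
<?php
declare(strict_types=1);

// Weak pattern from the advisory text: the token is a pure function of a
// key shared by every attachment plus two guessable attributes, so it
// carries no per-attachment randomness and can never be rotated alone.
function weakToken(string $appKey, int $attachmentId, int $size): string
{
    return md5($appKey . $attachmentId . $size);
}

// Hardened issuance (assumed design): 256 bits from the CSPRNG, created
// once at upload time and stored in the attachment's database row.
function issueToken(): string
{
    return bin2hex(random_bytes(32));
}

// Verification compares against the stored value in constant time and
// rejects malformed input before the comparison.
function verifyToken(?string $storedToken, string $presented): bool
{
    if ($storedToken === null
        || strlen($presented) !== 64
        || !ctype_xdigit($presented)) {
        return false;
    }
    return hash_equals($storedToken, strtolower($presented));
}

// Constructed sample values, not taken from any real installation.
$appKey = 'constructed-sample-app-key';
$legacy = weakToken($appKey, 1001, 20480);
$stored = issueToken();

printf("weak token repeats for same inputs: %s\n",
    var_export($legacy === weakToken($appKey, 1001, 20480), true));
printf("random tokens differ per issuance:  %s\n",
    var_export($stored !== issueToken(), true));
printf("stored token verifies:              %s\n",
    var_export(verifyToken($stored, $stored), true));
printf("legacy md5 token rejected:          %s\n",
    var_export(verifyToken($stored, $legacy), true));
```

In this design, existing attachments need a stored token issued for each row during migration; rows whose token is still null are not downloadable by token, which is why `verifyToken` returns false for null.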

Affected Products
Vendor: freescout-help-desk
Product: freescout
Affected versions: < 1.8.213
Problem Types
Type: CWE
CWE ID: CWE-330
Description: CWE-330: Use of Insufficiently Random Values
Type: CWE
CWE ID: CWE-340
Description: CWE-340: Generation of Predictable Numbers or Identifiers
Metrics
Version: 4.0
Base score: 8.8
Base severity: HIGH
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
References
Hyperlink: https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-2783-wxmm-wmwr
Resource: x_refsource_CONFIRM
Hyperlink: https://github.com/freescout-help-desk/freescout/commit/dbdf8f2260b43a21818255c70f0b61b9de9cd555
Resource: x_refsource_MISC
Hyperlink: https://github.com/freescout-help-desk/freescout/releases/tag/1.8.213
Resource: x_refsource_MISC
Authorized Data Publishers (ADP)
CISA ADP Vulnrichment