What is CVE-2026-40567?

CVE-2026-40567 is a medium-severity vulnerability in Freescout-help-desk Freescout, classified under Improper Encoding or Escaping of Output. CVSS score: 5.8/10. Published 2026-04-21.

How severe is CVE-2026-40567?

Medium severity. CVSS v3 base score is 5.8 out of 10.

Vulnerability in Freescout-help-desk Freescout

CVE-2026-40567

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can inject arbitrary HTML into outgoing emails generated by FreeScout by sending an email with a crafted From display name…

EPSS: 0.001 (20.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.8 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N.

Affected products

Freescout-help-desk Freescout — versions < 1.8.213

Weakness classification (CWE)

CWE-116 — Improper Encoding or Escaping of Output

References

https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-q8v4-v62h-5528 (x_refsource_CONFIRM)
https://github.com/freescout-help-desk/freescout/commit/9131b16f80eade81002cb9809a2603f6b61981cf (x_refsource_MISC)
https://github.com/freescout-help-desk/freescout/releases/tag/1.8.213 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-40567?: CVE-2026-40567 is a medium-severity vulnerability in Freescout-help-desk Freescout, classified under Improper Encoding or Escaping of Output. CVSS score: 5.8/10. Published 2026-04-21.
How severe is CVE-2026-40567?: Medium severity. CVSS v3 base score is 5.8 out of 10.