What is CVE-2026-41193?

CVE-2026-41193 is a critical-severity vulnerability in Freescout-help-desk Freescout, classified under Path Traversal. CVSS score: 9.1/10. Published 2026-04-21.

How severe is CVE-2026-41193?

Critical severity. CVSS v3 base score is 9.1 out of 10.

Path Traversal in Freescout-help-desk Freescout

CVE-2026-41193

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, FreeScout's module installation feature extracts ZIP archives without validating file paths, allowing an authenticated admin to write files arbitrarily…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.001 (17.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.

Affected products

Freescout-help-desk Freescout — versions < 1.8.215

Weakness classification (CWE)

CWE-22 — Path Traversal

References

https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-r85m-5mc9-cc9w (x_refsource_CONFIRM)
https://github.com/freescout-help-desk/freescout/commit/14f17a5cd22d217103a72b431b47b1f06996227b (x_refsource_MISC)
https://github.com/freescout-help-desk/freescout/releases/tag/1.8.215 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-41193?: CVE-2026-41193 is a critical-severity vulnerability in Freescout-help-desk Freescout, classified under Path Traversal. CVSS score: 9.1/10. Published 2026-04-21.
How severe is CVE-2026-41193?: Critical severity. CVSS v3 base score is 9.1 out of 10.