CVE-2026-41902 – FreeScout

CVSS 9.1 CRITICAL

“An old invite link can quietly become a permanent backdoor.”

This patch addresses a critical account takeover vulnerability in FreeScout affecting versions prior to 1.8.217. The issue stems from invitation links that never expire, allowing attackers to reuse leaked or exposed invite hashes to set account passwords at any time. This creates a long-term risk where unauthorized access can occur months or even years after the original invitation was sent.

CVE-2026-41902 has a CVSS score of 9.1, which is Critical severity. Proof-of-concept exploitation has been confirmed, increasing the likelihood of abuse in real-world scenarios. If an admin invitation link is exposed, attackers can gain full administrative control of the system without authentication.
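The class of flaw described above (an invite token that stays valid indefinitely) is illustrated below beside a check that enforces a lifetime and single use. This is an added example, not FreeScout's code and not taken from the patch; `Invite`, `INVITE_TTL`, the 7-day lifetime and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

INVITE_TTL = timedelta(days=7)  # assumed lifetime; set according to policy

@dataclass
class Invite:
    token_digest: str        # only a SHA-256 digest is stored, never the raw token
    issued_at: datetime
    used: bool = False

def issue_invite(now: datetime) -> tuple[str, Invite]:
    """Create a random token; return it for the e-mail link plus the stored record."""
    token = secrets.token_urlsafe(32)
    return token, Invite(hashlib.sha256(token.encode()).hexdigest(), now)

def _matches(invite: Invite, token: str) -> bool:
    digest = hashlib.sha256(token.encode()).hexdigest()
    return hmac.compare_digest(digest, invite.token_digest)  # constant-time compare

def redeem_no_expiry(invite: Invite, token: str) -> bool:
    """Flawed pattern: a matching token is accepted no matter how old it is."""
    return _matches(invite, token)

def redeem_hardened(invite: Invite, token: str, now: datetime) -> bool:
    """Accept only an unused token inside its lifetime, then invalidate it."""
    if not _matches(invite, token):
        return False
    if invite.used or now - invite.issued_at > INVITE_TTL:
        return False
    invite.used = True  # single use: the link is dead once the password is set
    return True

def demo() -> dict[str, bool]:
    """Constructed timeline: invite sent on day 0, link presented again later."""
    t0 = datetime(2025, 1, 1, tzinfo=timezone.utc)
    token, invite = issue_invite(t0)
    year_later = t0 + timedelta(days=365)
    return {
        "no_expiry_after_1y": redeem_no_expiry(invite, token),
        "hardened_after_1y": redeem_hardened(invite, token, year_later),
        "hardened_day_2": redeem_hardened(invite, token, t0 + timedelta(days=2)),
        "hardened_replay": redeem_hardened(invite, token, t0 + timedelta(days=3)),
    }
```
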

Key Details

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
CWE Classification: CWE-613