

Ethical Hacking News

A Vulnerability so Insidious: How a Single Crafted Email Can Hijack FreeScout Mail Servers



A zero-click vulnerability has been discovered in the widely used helpdesk platform, FreeScout. This article delves into the details of this vulnerability, its severity, and the steps that organizations can take to protect themselves against potential attacks.

  • A zero-click vulnerability has been discovered in the FreeScout helpdesk platform (CVE-2026-28289), allowing hackers to hijack mail servers without user interaction or authentication.
  • The vulnerability can be exploited by sending a single crafted email attachment to an address configured in FreeScout.
  • Immediate patching and disabling 'AllowOverride All' are recommended to mitigate the risks associated with this flaw.



  • The Mail2Shell zero-click attack lets hackers hijack FreeScout mail servers, leaving organizations vulnerable to exploitation and raising concerns about the severity of this vulnerability.

    In a concerning turn of events, researchers at OX Security have uncovered a zero-click vulnerability in the widely used helpdesk platform, FreeScout. This vulnerability, tracked as CVE-2026-28289, allows attackers to achieve remote code execution (RCE) on the server without any user interaction or authentication. The impact of this flaw is significant, and it has raised concerns about the security of organizations that use FreeScout to manage customer support emails and tickets.

    According to OX Research, an attacker can exploit this vulnerability by sending a single crafted email to any address configured in FreeScout. The email's attachment is stored in "/storage/attachment/…", where the attacker can reach the uploaded payload through the web interface and execute commands on the server without authentication or user interaction. This makes it a zero-click vulnerability: no user action is required for an attacker to gain control of the system.

    The flaw bypasses a fix for another RCE security issue (CVE-2026-27636) that could be exploited by authenticated users with upload permissions. The recent fix attempted to block dangerous file uploads by modifying filenames with restricted extensions or those starting with a dot. However, an attacker can use a zero-width space (Unicode U+200B) character before the filename to bypass this validation mechanism.

    Subsequent processing removes the zero-width space character, so the file is saved as a dotfile and CVE-2026-27636 exploitation is still possible, completely bypassing the latest security checks. This means that even after the recent patch for CVE-2026-27636 was applied, the flaw remained exploitable by an attacker using this zero-width space character; that bypass is what CVE-2026-28289 tracks.
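The ordering problem described above, as an added Python example (not FreeScout's code, which is PHP and is not shown on this page): validating the raw filename and cleaning it afterwards lets a name prefixed with U+200B end up on disk as a dotfile, while canonicalizing first closes the gap. The extension blocklist, the renaming scheme and the sample filename are assumptions made for illustration.

```python
import unicodedata

# Assumed blocklist for illustration; FreeScout's real list is not on this page.
RESTRICTED_EXTENSIONS = {"php", "phtml", "phar"}

# Constructed sample: U+200B ZERO WIDTH SPACE in front of a dotfile name.
SAMPLE = "\u200b.dotfile"


def strip_invisible(name: str) -> str:
    """Drop Unicode format characters (category Cf), which include U+200B."""
    return "".join(ch for ch in name if unicodedata.category(ch) != "Cf")


def is_dangerous(name: str) -> bool:
    """Dotfile or restricted-extension test, as the article describes the fix."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    return name.startswith(".") or ext in RESTRICTED_EXTENSIONS


def neutralize(name: str) -> str:
    """Hypothetical renaming: no leading dot, no usable extension."""
    return "_" + name + "_"


def store_check_then_normalize(name: str) -> str:
    """Flawed order: validate the raw name, clean it afterwards."""
    if is_dangerous(name):           # sees "\u200b.dotfile", not a dotfile
        name = neutralize(name)
    return strip_invisible(name)     # later processing removes U+200B


def store_normalize_then_check(name: str) -> str:
    """Hardened order: canonicalize first, validate the name that hits disk."""
    name = strip_invisible(unicodedata.normalize("NFC", name)).strip()
    if is_dangerous(name):
        name = neutralize(name)
    return name


if __name__ == "__main__":
    print(repr(store_check_then_normalize(SAMPLE)))   # dotfile survives
    print(repr(store_normalize_then_check(SAMPLE)))   # renamed
```

The general rule is that the check must run on exactly the string that will be written to disk, so any later transformation of the name needs a re-check.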

    The severity of this flaw has been highlighted by the FreeScout team, who have warned that successful exploitation of CVE-2026-28289 may result in full server compromise, data breaches, lateral movement into internal networks, and service disruption. Immediate patching is advised to mitigate these risks.

    OX Research has also recommended disabling 'AllowOverride All' in the Apache configuration on the FreeScout server, even when running version 1.8.207, which was patched four days ago. This recommendation aims to prevent further exploitation of this vulnerability until a more comprehensive fix can be developed.
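One way to check a server for the setting named in this recommendation, as an added example that is not from OX Research or FreeScout: the function below walks an Apache configuration and reports every `AllowOverride` directive whose value is not `None`, together with the `<Directory>` block it sits in. Apache honors per-directory `.htaccess` files only where `AllowOverride` permits it. The sample vhost and its paths are constructed placeholders.

```python
import re

# Constructed sample vhost; paths are placeholders, not FreeScout's real layout.
SAMPLE_CONF = """\
<VirtualHost *:80>
    DocumentRoot /var/www/helpdesk/public
    <Directory /var/www/helpdesk/public>
        AllowOverride All
    </Directory>
    <Directory "/var/www/helpdesk/storage">
        # AllowOverride All
        AllowOverride None
    </Directory>
</VirtualHost>
"""

OPEN = re.compile(r'^\s*<Directory(?:Match)?\s+"?([^">]+)"?\s*>', re.I)
CLOSE = re.compile(r'^\s*</Directory(?:Match)?\s*>', re.I)
DIRECTIVE = re.compile(r'^\s*AllowOverride\s+(.+?)\s*$', re.I)


def audit_allowoverride(conf_text: str):
    """Return (line_no, directory, value) for each AllowOverride not set to None."""
    findings, stack = [], []
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith("#"):      # commented-out directives are inert
            continue
        opened = OPEN.match(line)
        directive = DIRECTIVE.match(line)
        if opened:
            stack.append(opened.group(1).strip())
        elif CLOSE.match(line):
            if stack:
                stack.pop()
        elif directive and directive.group(1).lower() != "none":
            scope = stack[-1] if stack else "<outside Directory>"
            findings.append((line_no, scope, directive.group(1)))
    return findings


if __name__ == "__main__":
    for line_no, scope, value in audit_allowoverride(SAMPLE_CONF):
        print(f"line {line_no}: AllowOverride {value} in {scope}")
```

Run it over the main configuration and every included file, since a permissive `AllowOverride` in any matching `<Directory>` block is enough to re-enable `.htaccess` processing there.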

    In conclusion, the Mail2Shell zero-click attack and its impact on FreeScout mail servers are a concerning development in the world of cybersecurity. The severity of this flaw highlights the importance of regular security updates and patches for widely used software applications. It is crucial for organizations that use FreeScout to take immediate action and apply the latest patch to protect themselves against potential attacks.

    Summary:

    A zero-click vulnerability has been discovered in the FreeScout helpdesk platform, allowing hackers to hijack mail servers without any user interaction or authentication. This vulnerability, tracked as CVE-2026-28289, can be exploited by sending a single crafted email attachment to an address configured in FreeScout. Immediate patching and disabling 'AllowOverride All' are recommended to mitigate the risks associated with this flaw.






    Related Information:
  • https://www.ethicalhackingnews.com/articles/A-Vulnerability-so-Insidious-How-a-Single-Crafted-Email-Can-Hijack-FreeScout-Mail-Servers-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/mail2shell-zero-click-attack-lets-hackers-hijack-freescout-mail-servers/

  • https://www.ox.security/blog/freescout-rce-cve-2026-28289/

  • https://nvd.nist.gov/vuln/detail/CVE-2026-28289

  • https://www.cvedetails.com/cve/CVE-2026-28289/

  • https://nvd.nist.gov/vuln/detail/CVE-2026-27636

  • https://www.cvedetails.com/cve/CVE-2026-27636/


  • Published: Wed Mar 4 16:15:18 2026 by llama3.2 3B Q4_K_M












