{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T21:40:29.980","vulnerabilities":[{"cve":{"id":"CVE-2026-32752","sourceIdentifier":"security-advisories@github.com","published":"2026-03-19T22:16:41.650","lastModified":"2026-03-23T19:30:28.227","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. In versions 1.8.208 and below, the ThreadPolicy::edit() method contains a broken access control vulnerability that allows any authenticated user (regardless of role or mailbox access) to read and modify all customer-created thread messages across all mailboxes. This flaw enables silent modification of customer messages (evidence tampering), bypasses the entire mailbox permission model, and constitutes a GDPR/compliance violation. The issue has been fixed in version 1.8.209."},{"lang":"es","value":"FreeScout es un help desk gratuito y una bandeja de entrada compartida construido con el framework Laravel de PHP. En las versiones 1.8.208 e inferiores, el método ThreadPolicy::edit() contiene una vulnerabilidad de control de acceso roto que permite a cualquier usuario autenticado (independientemente de su rol o acceso al buzón) leer y modificar todos los mensajes de hilo creados por clientes en todos los buzones. Esta falla permite la modificación silenciosa de los mensajes de los clientes (alteración de pruebas), omite todo el modelo de permisos del buzón y constituye una violación de GDPR/cumplimiento. El problema ha sido solucionado en la versión 1.8.209."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N","baseScore":0.0,"baseSeverity":"NONE","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":0.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:freescout:freescout:*:*:*:*:*:*:*:*","versionEndExcluding":"1.8.209","matchCriteriaId":"FA447A4F-F76D-4D18-85E7-18B185572113"}]}]}],"references":[{"url":"https://github.com/freescout-help-desk/freescout/commit/996a7f96337fdd8a1d1bbd0da0ec7ec85d160b11","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/freescout-help-desk/freescout/releases/tag/1.8.209","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-wxg5-g9vv-v8g9","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory","Exploit"]}]}}]}