CVE-2026-41192 | freescout-help-desk freescout up to 1.8.214 Attachment::deleteByIds attachments_all[] authorization (GHSA-cv36-2j23-x6g3)

A vulnerability classified as problematic has been found in freescout-help-desk freescout up to 1.8.214. This affects the function Attachment::deleteByIds. The manipulation of the argument attachments_all[] leads to missing authorization.

This vulnerability is listed as CVE-2026-41192. The attack may be initiated remotely. There is no available exploit.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More