
Description

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's file upload restriction list in `app/Misc/Helper.php` does not include `.htaccess` or `.user.ini` files. On Apache servers with `AllowOverride All` (a common configuration), an authenticated user can upload a `.htaccess` file to redefine how files are processed, enabling Remote Code Execution. This vulnerability can be exploited on its own or in combination with CVE-2026-27637. Version 1.8.206 fixes both vulnerabilities.

PUBLISHED Reserved 2026-02-20 | Published 2026-02-25 | Updated 2026-02-25 | Assigner GitHub_M




HIGH: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Problem types

CWE-434: Unrestricted Upload of File with Dangerous Type

Product status

< 1.8.206: affected

References

github.com/...escout/security/advisories/GHSA-mw88-x7j3-74vc exploit

github.com/...escout/security/advisories/GHSA-6gcm-v8xf-j9v9 exploit

github.com/...escout/security/advisories/GHSA-mw88-x7j3-74vc

github.com/...escout/security/advisories/GHSA-6gcm-v8xf-j9v9

github.com/...ommit/9984071e6f1b4e633fdcffcea82bbebc9c1e009c

cve.org (CVE-2026-27636)

nvd.nist.gov (CVE-2026-27636)
