A newly discovered vulnerability (CVE-2026-28289) in the open-source help desk platform FreeScout could allow attackers to take over vulnerable servers by sending a specially crafted email to a FreeScout mailbox. CVE-2026-28289 exploitation FreeScout is a free, open-source help desk and shared inbox system used by businesses or teams to manage customer support conversations in one place. It is built with PHP (Laravel) and MySQL, and it’s designed to be self-hosted – either on-premises, on a … More → The post FreeScout vulnerability enables unauthenticated, zero-click RCE via email (CVE-2026-28289) appeared first on Help Net Security.