
RAW NVD TELEMETRY

CVE-2026-40496

CVSS Base Score: 9.1 CRITICAL
Primary Weakness: CWE-330
Published Date: Apr 21, 2026
Data Source: NVD API

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, attachment download tokens are generated using a weak and predictable formula: `md5(APP_KEY + attachment_id + size)`. Since `attachment_id` is sequential and `size` can be brute-forced in a small range, an unauthenticated attacker can forge valid tokens and download any private attachment without credentials. Version 1.8.213 fixes the issue.
