Breaking
Nagoshi’s Gang of Dragon May Never Come Out After Investor NetEase Cut Funding When It Realized an Extra $44 Million Was Needed to Finish the Game
(Song) From Asphalt to Assets – Domain Industry Mountain Country
Bungie Responds Quickly to Marathon Microtransactions Backlash, First Patch Will Make the Game Slightly Easier
Autonomous AI Agents Have an Ethics Problem
How Artificial Intelligence Is Transforming Creator Discovery: The Rise of AI-Powered TikTok User Search
How Artificial Intelligence Is Transforming Creator Discovery: The Rise of AI-Powered TikTok User Search
How Artificial Intelligence Is Transforming Creator Discovery: The Rise of AI-Powered TikTok User Search
Will 2026 be the Year of the Chief Data Officer? Securing the Public-Sector’s AI Foundation
How to safely handle the rise of AI agents
Hybrid Evaluators and the Doomsday Clock: An Evaluative Approach to Global Risk and AI Futures
7 Mar 2026, Sat
Launch Your Site in 5 Minutes
Cyber Security News

Mail2Shell Zero-Click Attack lets Hackers Hijack FreeScout Mail Servers

By rssfeeds-admin No Comments
Mail2Shell Zero-Click Attack lets Hackers Hijack FreeScout Mail Servers
Mail2Shell Zero-Click Attack lets Hackers Hijack FreeScout Mail Servers
Researchers have uncovered a critical zero-click vulnerability in FreeScout, a widely used open-source help desk and shared mailbox application.

Dubbed “Mail2Shell,” this flaw allows attackers to hijack mail servers without any user interaction or authentication.

The vulnerability, tracked as CVE-2026-28289, bypasses a recently patched Remote Code Execution (RCE) flaw, escalating it into an unauthenticated zero-click attack.

class="wp-block-heading" id="h-the-zero-click-escalation-path">The Zero-Click Escalation Path

Just days after FreeScout patched an authenticated RCE vulnerability (CVE-2026-27636), security analysts found a way to bypass the incomplete fix.

The original patch attempted to block dangerous file uploads by appending an underscore to files with restricted extensions or names starting with a period.

Attack Graph (source : OX. Security)
Attack graph (source: ox. Security)

However, attackers can easily bypass this validation by prepending a Zero-Width Space character (Unicode U+200B) to the malicious filename.

Blocked risky uploads via underscores(source : OX. Security)
Blocked risky uploads via underscores (source: ox. Security)

Because the system does not treat this hidden character as visible content during the initial security check, the file slips past the filter.

Later in the processing chain, the server strips the U+200B character, leaving the payload as a dangerous dotfile.

To exploit this, an attacker sends a crafted email containing the malicious payload to any address connected to the FreeScout server.

The system automatically writes the file to disk in a predictable directory (/storage/attachment/…).

The hacker can then navigate to the payload via the web interface and execute remote commands instantly. This entire chain requires absolutely no authentication and no interaction from the victim.

Impact and Immediate Mitigation

FreeScout is heavily utilized by public health institutions, financial platforms, and technology providers to manage customer support.

Built on the Laravel PHP framework, FreeScout has over 1,100 publicly exposed instances, making it a highly lucrative target for threat actors.

Bypass confirmed, escalating to unauthenticated RCE(source :OX. Security)
Bypass confirmed, escalating to unauthenticated rce(source :ox. Security)

According to OX Security researchers, if exploited, the Mail2Shell vulnerability can lead to complete server takeover.

Hackers can exfiltrate sensitive helpdesk tickets, steal customer inbox data, and use the compromised host to move laterally across the organization’s network.

Payload accessed, enabling remote server commands(source : OX. Security)
Payload accessed, enabling remote server commands(source : ox. Security)

The FreeScout maintainers responded quickly by releasing version 1.8.207 to close the variant attack path.

Administrators must apply this update immediately, as an older patch does not protect against this zero-click escalation.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post Mail2Shell Zero-Click Attack lets Hackers Hijack FreeScout Mail Servers appeared first on Cyber Security News.

Discover more from RSS Feeds Cloud

Subscribe to get the latest posts sent to your email.

By rssfeeds-admin

Related Posts

Cyber Security News

OpenAI Launches Codex Security that Discover, Validate and Patch Vulnerabilities

rssfeeds-admin
Cyber Security News

OpenAI Launches Codex Security that Discover, Validate and Patch Vulnerabilities

rssfeeds-admin
Cyber Security News

Claude AI Discovers 22 Major Vulnerabilities in Firefox Browser in 14 Days

rssfeeds-admin

Leave a Reply

Your email address will not be published. Required fields are marked *

You Missed

IGN

Nagoshi’s Gang of Dragon May Never Come Out After Investor NetEase Cut Funding When It Realized an Extra $44 Million Was Needed to Finish the Game

Domaining Tips

(Song) From Asphalt to Assets – Domain Industry Mountain Country

IGN

Bungie Responds Quickly to Marathon Microtransactions Backlash, First Patch Will Make the Game Slightly Easier

Singularity Hub

Autonomous AI Agents Have an Ethics Problem

Discover more from RSS Feeds Cloud

Subscribe now to keep reading and get access to the full archive.

Continue reading