CVE ID :CVE-2026-32752 Published : March 19, 2026, 9:21 p.m. | 24 minutes ago Description :FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. In versions 1.8.208 and below, the ThreadPolicy::edit() method contains a broken access control vulnerability that allows any authenticated user (regardless of role or mailbox access) to read and modify all customer-created thread messages across all mailboxes. This flaw enables silent modification of customer messages (evidence tampering), bypasses the entire mailbox permission model, and constitutes a GDPR/compliance violation. The issue has been fixed in version 1.8.209. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...