Security researchers have urged FreeScout customers to patch a maximum-severity remote code execution (RCE) vulnerability which needs no user interaction to achieve full system compromise. CVE‑2026‑28289 (Mail2Shell) is actually a bypass for an earlier vulnerability (CVE-2026-27636) in the open source helpdesk platform, which could enable authenticated attackers to hijack targeted systems, according to Ox Security.

Source: Infosecurity Magazine – Information Security & IT Security