FreeScout Mailbox OAuth Disconnect CSRF Vulnerability

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability exists in FreeScout versions prior to 1.8.215, specifically within the mailbox OAuth disconnect feature. The disconnect action is performed via a GET request that removes the stored OAuth metadata and then redirects the user. Because the request carries no CSRF token, a third-party page can trigger it cross-site against an admin user of the mailbox.

Impact

Exploitation of this vulnerability allows for the unauthorized disconnection of OAuth credentials from a mailbox, disrupting email fetching and delivery for the affected account.

Reproduction

To reproduce this vulnerability, log into FreeScout as an admin and navigate to a mailbox with active OAuth metadata. Then, send a GET request to the OAuth disconnect endpoint for that mailbox, provider, and direction (in or out). This can be done manually or by crafting a CSRF payload, such as an image tag, that targets the disconnect action.
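How the missing check plays out and what the fix looks like, as an added illustration that is not FreeScout's own code (FreeScout is a PHP application; this is a hypothetical handler modelled in Python). The first handler mirrors the GET-based behaviour described above; the second accepts only POST and verifies a session-bound synchronizer token. All session ids, tokens and metadata values are constructed placeholders.

```python
import hmac
import secrets
from dataclasses import dataclass, field

@dataclass
class Request:
    """Minimal model of an HTTP request; all values here are constructed."""
    method: str
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)

# Hypothetical session store; the browser attaches the session cookie to every
# request to the site, including ones the user never intended to make.
SESSIONS = {"sess-admin": {"user": "admin", "csrf_token": secrets.token_hex(16)}}

def new_mailbox():
    """OAuth metadata keyed by (provider, direction), with placeholder values."""
    return {("microsoft", "in"): {"refresh_token": "<placeholder>"},
            ("microsoft", "out"): {"refresh_token": "<placeholder>"}}

def disconnect_vulnerable(req, mailbox, provider, direction):
    """Behaviour before 1.8.215: any authenticated request removes the metadata."""
    if req.cookies.get("session") not in SESSIONS:
        return 403
    mailbox.pop((provider, direction), None)
    return 302  # redirect back to the mailbox settings page

def disconnect_fixed(req, mailbox, provider, direction):
    """Hardened handler: POST only, and the form must carry the session's token."""
    session = SESSIONS.get(req.cookies.get("session"))
    if session is None:
        return 403
    if req.method != "POST":
        return 405  # a GET never changes state, so image-tag requests stop here
    token = req.form.get("_token", "")
    if not hmac.compare_digest(token, session["csrf_token"]):
        return 419  # token mismatch (the status Laravel uses for this case)
    mailbox.pop((provider, direction), None)
    return 302

def cross_site_get():
    """Request a third-party page triggers via an image tag: cookie, no form body."""
    return Request(method="GET", cookies={"session": "sess-admin"})

def legitimate_post():
    """Request from the app's own settings form, which embeds the session token."""
    token = SESSIONS["sess-admin"]["csrf_token"]
    return Request(method="POST", cookies={"session": "sess-admin"}, form={"_token": token})
```

Run against the same mailbox, the vulnerable handler drops the metadata on the cross-site GET while the fixed one refuses it and only honours the token-bearing POST.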

Remediation

Users can update to FreeScout version 1.8.215 or later, where this vulnerability has been fixed.

Added: Apr 21, 2026, 8:16 PM
Updated: Apr 21, 2026, 8:16 PM

Vulnerability Rating

Custom Algorithm

spread:         2.2
impact:         0.6
exploitability: 7.9
remediation:    7.7
relevance:      6.4
threat:         6.4
urgency:        2.9
incentive:      0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.