According to a recent LinkedIn post from OX Security, the company’s research arm has identified a critical bypass in the open-source helpdesk platform FreeScout that escalates a previously disclosed authenticated remote code execution (RCE) issue into a zero-click, unauthenticated RCE vulnerability (CVE-2026-28289). The post indicates that the flaw affects all FreeScout versions up to 1.8.206, with around 1,100 publicly exposed instances observed via Shodan, and notes that a fix is available in version 1.8.207.
The post highlights a novel exploitation technique using a zero-width space in filenames to evade validation and ultimately achieve code execution on the server via a crafted email, underscoring how initial patches may leave residual attack paths. For investors, this research activity suggests that OX Security is positioning itself as a thought leader in software supply chain and application security, which could enhance brand visibility, support customer acquisition, and potentially justify premium pricing for its security offerings in a market increasingly focused on zero-day and patch-bypass risks.
The detailed technical breakdown and proof-of-concept referenced in the post may also deepen engagement with security professionals and enterprises that depend on open-source tools, where vulnerability management is a growing priority. Strong research output of this kind can strengthen OX Security’s competitive differentiation versus other vendors in the application and DevSecOps security space, potentially supporting long-term demand and partnership opportunities as organizations seek proactive protection against rapidly weaponized vulnerabilities.
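For defenders, the zero-width-space filename issue mentioned above is a question of whether validation sees the same name that storage does. The sketch below is an added example, not code from OX Security's post or from FreeScout. The policy, function names, sample filenames, and the validate-then-clean ordering it contrasts are all assumptions made for illustration.

```python
import os
import unicodedata

# Assumed upload policy for this illustration (not FreeScout's actual rules).
BLOCKED_EXTENSIONS = {".php", ".phtml", ".phar"}


def violates_policy(name: str) -> bool:
    """True if the name is a dotfile or carries a blocked extension."""
    base = os.path.basename(name)
    _, ext = os.path.splitext(base)
    return base.startswith(".") or ext.lower() in BLOCKED_EXTENSIONS


def canonicalize(name: str) -> str:
    """NFKC-normalize, then drop format (Cf) and control (Cc) characters
    such as U+200B ZERO WIDTH SPACE."""
    normalized = unicodedata.normalize("NFKC", name)
    return "".join(
        c for c in normalized if unicodedata.category(c) not in ("Cf", "Cc")
    )


def accept_validate_then_clean(name: str):
    """Flawed order: the policy sees the raw name, storage gets the cleaned one."""
    if violates_policy(name):
        return None
    return canonicalize(name)


def accept_clean_then_validate(name: str):
    """Hardened order: policy and storage both see the same canonical name."""
    clean = canonicalize(name)
    if not clean or violates_policy(clean):
        return None
    return clean


# Constructed sample names; \u200b is ZERO WIDTH SPACE.
SAMPLES = ["invoice.pdf", "report.php", "report.php\u200b", "\u200b.env"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(ascii(s), accept_validate_then_clean(s), accept_clean_then_validate(s))
```

Logging names where `canonicalize(name) != name` also gives a simple detection signal for attachments that carry invisible characters.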

