According to a recent LinkedIn post from OX Security, the company’s research arm has identified a critical vulnerability in the open-source helpdesk platform FreeScout. The post describes a bypass that escalates a previously disclosed authenticated remote code execution flaw into a zero-click unauthenticated RCE, tracked as CVE-2026-28289.
Claim 30% Off TipRanks
- Unlock hedge fund-level data and powerful investing tools for smarter, sharper decisions
- Discover top-performing stock ideas and upgrade to a portfolio of market leaders with Smart Investor Picks
The vulnerability reportedly affects all FreeScout versions up to 1.8.206 and has been patched in version 1.8.207, with roughly 1,100 publicly exposed instances cited via Shodan. The post also emphasizes how attackers can quickly analyze newly released patches to discover residual attack paths, positioning OX Security as active in early-stage vulnerability research and disclosure.
For investors, this research activity may reinforce OX Security’s credibility in the software supply chain and application security markets, potentially supporting demand for its security solutions and services. Demonstrated capability to uncover complex attack vectors could help differentiate the company in a crowded cybersecurity landscape and attract enterprise customers seeking advanced threat research and proactive risk management.
In addition, the focus on a widely used open-source tool highlights OX Security’s engagement with real-world, production-relevant security issues rather than purely theoretical research. If such findings continue and lead to broader industry recognition, partnerships, or product enhancements, they could indirectly bolster the company’s growth prospects and competitive positioning over time.