According to a recent LinkedIn post from OX Security, the company’s research team is highlighting a critical zero-click vulnerability in FreeScout, an open-source help desk platform. The post describes CVE-2026-28289 as allowing full remote code execution via a single crafted email, with more than 1,100 publicly accessible FreeScout instances identified.
The company’s LinkedIn post suggests that exposed deployments include hospitals, financial services platforms, technology providers, and news organizations, implying potential operational and data-security risks for those sectors. For OX Security, the visibility around discovering and disclosing this vulnerability may reinforce its position as a specialized application-security and research-focused vendor, which could support customer acquisition and pricing power in the cybersecurity market.
The post also points to the availability of a patch in FreeScout v1.8.207 and links to full research and proof-of-concept material, underscoring the firm’s emphasis on technical depth and responsible disclosure. If enterprises respond by elevating software supply chain and application security in their budgets, research-led vendors such as OX Security could see increased demand for their offerings over time, though the LinkedIn content does not provide direct information on monetization or contracts.

