CVE-2026-23758

• Gfi/Helpdesk

  cpe:2.3:a:gfi:helpdesk:*:*:*:*:*:*:*:*

  Range: <4.99.9

No patches discovered yet.

AI mechanics synthesis has not run for this CVE yet.

• www.vulncheck.com/advisories/gfi-helpdesk-stored-xss-via-editsubject-parameternvdThird Party Advisory
• gfi.ai/products-and-solutions/email-and-messaging-solutions/helpdesk/resources/product-releasesnvdRelease Notes

• ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories
  The Hacker News · May 14, 2026
• When IT Support Calls: Dissecting a ModeloRAT Campaign from Teams to Domain Compromise
  Rapid7 Blog · May 13, 2026
• Teams calls are about to get a lot harder to fake
  Help Net Security · May 6, 2026
• Week in review: High-severity LPE vulnerability in the Linux kernel, cPanel 0-day exploited for months
  Help Net Security · May 3, 2026
• This month in security with Tony Anscombe – April 2026 edition
  ESET WeLiveSecurity · Apr 30, 2026
• BlackFile Group Targets Retail and Hospitality with Vishing Attacks
  Infosecurity Magazine · Apr 27, 2026
• Crime crew impersonates help desk, abuses Microsoft Teams to steal your data
  The Register Security · Apr 25, 2026
• Wordfence Intelligence Weekly WordPress Vulnerability Report (April 13, 2026 to April 19, 2026)
  Wordfence Blog · Apr 23, 2026
• Cyber-Attacks Surge 63% Annually in Education Sector
  Infosecurity Magazine · Apr 23, 2026
• Wordfence Intelligence Weekly WordPress Vulnerability Report (April 6, 2026 to April 12, 2026)
  Wordfence Blog · Apr 16, 2026
• As breakout time accelerates, prevention-first cybersecurity takes center stage
  ESET WeLiveSecurity · Apr 7, 2026
• Wordfence Intelligence Weekly WordPress Vulnerability Report (March 23, 2026 to March 29, 2026)
  Wordfence Blog · Apr 2, 2026
• How SMBs use threat research and MDR to build a defensive edge
  ESET WeLiveSecurity · Mar 5, 2026
• Faking it on the phone: How to tell if a voice call is AI or not
  ESET WeLiveSecurity · Feb 23, 2026