Excessive Data Exposure Vulnerability in Easy!Appointments by Alex Tselegidis
CVE-2026-55651

7.1HIGH

Key Information:

Vendor
CVE Published:
14 July 2026

What is CVE-2026-55651?

In version 1.5.2 of Easy!Appointments, a self-hosted appointment scheduling tool, an Excessive Data Exposure vulnerability exists within the customers search endpoint. This allows an authenticated user to access appointment hashes associated with other users. An attacker exploiting this vulnerability can potentially modify or delete appointments belonging to different providers, leading to unauthorized appointment management. This issue has been resolved in version 1.6.0 of the product.

Affected Version(s)

easyappointments = 1.5.2

References

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.