Excessive Data Exposure Vulnerability in Easy!Appointments by Alex Tselegidis
CVE-2026-55651
7.1HIGH
What is CVE-2026-55651?
In version 1.5.2 of Easy!Appointments, a self-hosted appointment scheduling tool, an Excessive Data Exposure vulnerability exists within the customers search endpoint. This allows an authenticated user to access appointment hashes associated with other users. An attacker exploiting this vulnerability can potentially modify or delete appointments belonging to different providers, leading to unauthorized appointment management. This issue has been resolved in version 1.6.0 of the product.
Affected Version(s)
easyappointments = 1.5.2
