Auth bypass in Alextselegidis Easyappointments
CVE-2026-52837
Easy!Appointments is a self hosted appointment scheduler. In versions up to and including 1.5.2, the booking reschedule view at `/index.php/booking/reschedule/{appointment_hash}` (handled by `Booking::index()`) embeds the entire customer r…
Vulnerability class: Information Disclosure
Affected products
- Alextselegidis Easyappointments — versions < 1.6.0
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)