Auth bypass in Alextselegidis Easyappointments

CVE-2026-52837

Easy!Appointments is a self hosted appointment scheduler. In versions up to and including 1.5.2, the booking reschedule view at `/index.php/booking/reschedule/{appointment_hash}` (handled by `Booking::index()`) embeds the entire customer r…

Vulnerability class: Information Disclosure

Affected products

Weakness classification (CWE)

References