Unknown · Easydiscuss · CVE-2026-21626
**Name of the Vulnerable Software and Affected Versions**
EasyDiscuss (affected versions not specified)
**Description**
Access control settings for forum post custom fields are not enforced when data is output in JSON format. This results in an Access Control List (ACL) bypass, potentially leading to information disclosure. The issue allows unauthorized access to custom field data through JSON endpoints, requiring no authentication. This makes exploitation straightforward.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.