PT-2026-58070 · Unknown · Easyappointments

Published

2026-07-14

·

Updated

2026-07-14

·

CVE-2026-55651

CVSS v3.1

7.1

High

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Name of the Vulnerable Software and Affected Versions Easy!Appointments versions prior to 1.6.0
Description An excessive data exposure issue in the customers search endpoint allows an authenticated user to obtain appointment hashes belonging to other users. An attacker can use these hashes to modify or delete appointments of other providers, leading to an appointments takeover.
Recommendations Update to version 1.6.0.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-55651
GHSA-4VMM-5QVC-W5P7

Affected Products

Easyappointments