PT-2026-6689 · Unknown · Easydiscuss
Creative-Graphics.Ch
Published: 2026-02-06 · Updated: 2026-02-18
CVE-2026-21626
CVSS v4.0: 9.2 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
EasyDiscuss (affected versions not specified)
Description
Access control settings for forum post custom fields are not enforced when data is output in JSON format. This results in an Access Control List (ACL) bypass, potentially leading to information disclosure. The issue allows unauthorized access to custom field data through JSON endpoints, requiring no authentication. This makes exploitation straightforward.
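The weakness class described above, shown as an added illustration that is not EasyDiscuss code and not taken from the advisory: a per-field ACL applied in the HTML view but skipped by the JSON serializer, next to a corrected serializer and a parity check for regression tests. All names (CustomField, view_groups, the render functions) and the sample data are hypothetical and constructed.

```python
import json
from dataclasses import dataclass
from html import escape


@dataclass(frozen=True)
class CustomField:
    name: str
    value: str
    view_groups: frozenset  # groups allowed to read this field (hypothetical model)


# Constructed sample post: one public field, one restricted to moderators.
POST_FIELDS = [
    CustomField("product", "Widget 2.0", frozenset({"guest", "registered", "moderator"})),
    CustomField("license_key", "CONSTRUCTED-KEY-0000", frozenset({"moderator"})),
]


def visible_fields(fields, viewer_groups):
    """Single ACL decision point: keep only fields the viewer may read."""
    return [f for f in fields if f.view_groups & set(viewer_groups)]


def render_html(fields, viewer_groups):
    # The HTML view filters through the ACL before producing output.
    rows = visible_fields(fields, viewer_groups)
    return "".join(f"<dt>{escape(f.name)}</dt><dd>{escape(f.value)}</dd>" for f in rows)


def render_json_unfiltered(fields, viewer_groups):
    # Flawed pattern: serializes the raw model; viewer_groups is never consulted.
    return json.dumps({f.name: f.value for f in fields})


def render_json_enforced(fields, viewer_groups):
    # Corrected pattern: reuses the same ACL decision point as the HTML view.
    return json.dumps({f.name: f.value for f in visible_fields(fields, viewer_groups)})


def acl_parity_gaps(fields, viewer_groups, json_renderer):
    """Field names emitted in JSON that the ACL hides from this viewer."""
    allowed = {f.name for f in visible_fields(fields, viewer_groups)}
    emitted = set(json.loads(json_renderer(fields, viewer_groups)))
    return sorted(emitted - allowed)


if __name__ == "__main__":
    for renderer in (render_json_unfiltered, render_json_enforced):
        print(renderer.__name__, acl_parity_gaps(POST_FIELDS, ["guest"], renderer))
```

Running a parity check of this kind against every output format in a test suite catches the case where one renderer bypasses the shared ACL filter.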
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Information Disclosure
Affected Products
Easydiscuss