Skip to main content

Easy!Appointments CVE-2026-55651

| EUVDEUVD-2026-43726 HIGH
Information Exposure (CWE-200)
2026-07-14 GitHub_M
7.1
CVSS 3.1 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
7.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
vuln.today AI
7.1 HIGH

Network-reachable endpoint needs only a low-privileged authenticated account (PR:L, AC:L, UI:N); hash leak is limited confidentiality (C:L) but enables high-impact tampering with others' appointments (I:H).

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jul 14, 2026 - 16:06 vuln.today
CVE Published
Jul 14, 2026 - 15:31 cve.org
HIGH 7.1

DescriptionCVE.org

Easy!Appointments is a self hosted appointment scheduler. In version 1.5.2, an Excessive Data Exposure vulnerability in the customers search endpoint allows an authenticated user to obtain appointment hashes belonging to other users. Using these hashes, an attacker can modify or delete appointments of other providers, resulting in an Appointments Takeover. Version 1.6.0 fixes the issue.

AnalysisAI

Broken object-level authorization in Easy!Appointments 1.5.2 lets any authenticated user query the customers search endpoint to harvest the appointment hash tokens of other users and providers. Because these hashes act as the access control for appointment operations, an attacker can then edit or delete appointments they do not own, achieving a full Appointments Takeover across other providers. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate with low-privilege account
Delivery
Query customers search endpoint
Exploit
Harvest other users' appointment hashes
Execution
Replay hash to modify/delete endpoint
Impact
Take over or destroy victims' appointments

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated account on the target Easy!Appointments instance (CVSS PR:L) and access to the customers search endpoint, which returns appointment hashes of other users beyond the caller's authorization scope; possession of a leaked hash is the concrete prerequisite for the follow-on modify/delete actions. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N, base 7.1) signals a network-reachable, low-complexity attack that requires only a low-privileged authenticated account and no user interaction, with limited confidentiality loss but high integrity impact - consistent with the description in which a leaked hash enables tampering with other providers' bookings. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A registered low-privileged user on a shared Easy!Appointments 1.5.2 instance calls the customers search endpoint and receives appointment hashes belonging to other users and providers in the response. Reusing those hashes against the appointment modify/delete functions, the attacker reschedules or cancels bookings they do not own, disrupting other providers' schedules. …
Remediation Vendor-released patch: upgrade to Easy!Appointments 1.6.0, which fixes the excessive data exposure in the customers search endpoint per advisory GHSA-4vmm-5qvc-w5p7 (https://github.com/alextselegidis/easyappointments/security/advisories/GHSA-4vmm-5qvc-w5p7). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, review access logs on the customers search endpoint to identify suspicious queries from authenticated users. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2024-57602 CRITICAL POC
9.8 Feb 12

An issue in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to escalate privileges via the index.php f

CVE-2023-1269 CRITICAL POC
9.8 Mar 08

Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Rated critical severi

CVE-2022-0482 CRITICAL POC
9.1 Mar 09

Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments p

CVE-2023-2105 HIGH POC
8.8 Apr 15

Session Fixation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Rated high severity (CVSS 8.8), th

CVE-2022-1397 HIGH POC
8.8 May 10

API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Rated high severity (CVSS

CVE-2024-57601 MEDIUM POC
6.1 Feb 12

Cross Site Scripting vulnerability in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to execute arbit

CVE-2023-2104 MEDIUM POC
5.4 Apr 15

Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Rated medium severity (CVSS

CVE-2023-2103 MEDIUM POC
5.4 Apr 15

Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Rated medium se

CVE-2023-2102 MEDIUM POC
4.8 Apr 15

Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Rated medium se

CVE-2023-3700 MEDIUM POC
4.3 Jul 17

Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Ra

CVE-2023-1367 LOW POC
3.8 Mar 13

Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Rated low severity (CVSS 3.8), this

CVE-2026-52837 MEDIUM
6.9 Jul 14

The reschedule endpoint in Easy!Appointments 1.5.2 and earlier exposes the complete customer database record to any part

Share

CVE-2026-55651 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy