CVE-2026-52839 Easy!Appointments appointments/store and appointments/update allow cross-provider appointment injection — Authorization Bypass
Easy!Appointments is a self hosted appointment scheduler. Versions prior to 1.6.0 correctly filter provider-scoped appointments in the appointments/search response, proving that provider isolation is an intended security boundary. However, the direct mutation endpoints appointments/store and...