Improper input validation in Pretix Venueless

CVE-2026-4982

A user with permission "update world" in any Venueless world is able to exfiltrate chat messages from direct messages or channels in other worlds on the same server due to a bug in the reporting feature. The exploitability is limited by t…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.001 (31.4th percentile) — read the EPSS interpretation.