Vulnerability in Pretix Venueless

CVE-2026-5599

A user with API access and "manage users" permission in any venueless world is able to trigger deletion of user accounts in other worlds.

EPSS: 0.001 (17.2th percentile) — read the EPSS interpretation.

Affected products

Pretix Venueless — versions 0.0.0

Weakness classification (CWE)

CWE-653

References

github.com/venueless/venueless/security/advisories/GHSA-gwjc-33fv-2gh4