Vulnerability in Pretix

CVE-2026-5600

A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a specific event in fact returns all check-in events belonging to the respective organizer. This allows an API consumer to access information…

EPSS: 0.000 (1.5th percentile)

Affected products

  • Pretix — versions 2025.10.0, 2026.2.0, 2026.3.0
