PYSEC-2026-1459

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/indico/PYSEC-2026-1459.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1459
Aliases
Published
2026-07-07T14:34:48.942607Z
Modified
2026-07-07T17:47:44.640784944Z
Severity
  • 0.0 (None) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N CVSS Calculator
  • 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVSS Calculator
Summary
Indico Insecure Access
Details

A Broken Object Level Authorization (BOLA) vulnerability in Indico v3.2.9 allows attackers to access sensitive information via sending a crafted POST request to the component /api/principals.

References

Affected packages

PyPI / indico

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.2.9
Fixed
3.3.3

Affected versions

3.*
3.2.9
3.3
3.3.1
3.3.2

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/indico/PYSEC-2026-1459.yaml"