A Broken Object Level Authorization (BOLA) vulnerability in Indico v3.2.9 allows attackers to access sensitive information via sending a crafted POST request to the component /api/principals.
"https://github.com/pypa/advisory-database/blob/main/vulns/indico/PYSEC-2026-1459.yaml"