PYSEC-2026-1802

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/pretix/PYSEC-2026-1802.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1802
Aliases
Published
2026-07-07T16:03:13.656286Z
Modified
2026-07-07T17:48:07.157461282Z
Severity
  • 3.8 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U CVSS Calculator
Summary
pretix has Broken Access Control Allowing Cross-User File Access via UUID
Details

An API endpoint allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only.

References

Affected packages

PyPI / pretix

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2025.8.3
Introduced
2025.9.0
Fixed
2025.9.3
Introduced
2025.10.0
Fixed
2025.10.1

Affected versions

1.*
1.0.0b1
1.0.0b2
1.0.0
1.1.0
1.1.1
1.1.2
1.1.3
1.2.0
1.2.1.post2
1.2.2
1.3.0
1.3.0.post1
1.3.1
1.4.0
1.4.1
1.5.0
1.5.1
1.5.2
1.6.0
1.6.1
1.6.2
1.7.1
1.7.2
1.8.0
1.8.1
1.9.0
1.9.1
1.10.0
1.10.1
1.11.0
1.11.1
1.12.0
1.12.1
1.13.0
1.13.1
1.14.0
1.15.0
1.15.1
1.15.2
1.16.0
1.17.0
1.17.1
2.*
2.0.0
2.1.0
2.2.0
2.3.0
2.4.0
2.5.0
2.6.0
2.7.0
2.7.1
2.7.2
2.8.2
3.*
3.0.0
3.0.1
3.1.0
3.2.0
3.3.0
3.4.0
3.5.0
3.6.0
3.6.0.post1
3.7.0
3.8.0
3.9.0
3.10.0
3.11.0
3.11.1
3.12.0
3.12.1
3.13.0
3.13.1
3.14.0
3.14.1
3.14.2
3.15.0
3.16.0
3.17.1
3.17.2
3.18.0
4.*
4.0.0
4.1.0
4.2.0
4.3.0
4.3.1
4.4.0
4.4.1
4.5.0
4.5.1
4.5.2
4.6.0
4.6.1
4.7.0
4.7.1
4.8.0
4.9.0
4.9.1
4.10.0
4.10.1
4.11.0
4.11.1
4.12.0
4.13.0
4.13.1
4.14.0.dev0
4.14.0
4.15.0.dev0
4.15.0
4.15.1
4.16.0
4.16.1
4.17.0
4.17.1
4.18.0
4.18.1
4.18.2
4.18.2.post1
4.19.0
4.20.0
4.20.1
4.20.2.post1
4.20.4
2023.*
2023.6.0
2023.6.1
2023.6.3
2023.7.0
2023.7.1
2023.7.3
2023.8.0
2023.8.1
2023.9.0
2023.9.1
2023.10.0
2023.10.1.post1
2023.10.2
2024.*
2024.1.0
2024.1.1
2024.2.0
2024.3.0
2024.4.0
2024.5.0
2024.5.1
2024.6.0
2024.6.1
2024.7.0
2024.7.1
2024.8.0
2024.9.0
2024.10.0
2024.11.0
2025.*
2025.1.0
2025.2.0
2025.3.0
2025.4.0
2025.5.0
2025.6.0
2025.7.0
2025.7.1
2025.7.2
2025.7.3
2025.8.0
2025.8.1
2025.8.2
2025.9.0
2025.9.1
2025.9.2
2025.10.0

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/pretix/PYSEC-2026-1802.yaml"