Multiple API endpoints allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only.
"https://github.com/pypa/advisory-database/blob/main/vulns/pretix/PYSEC-2026-1803.yaml"