LOW
pretix
CVE published 2026-05-27
CVE-2026-9712
## Summary CVE-2026-9712 is a low-severity authorization bypass in pretix, an open-source ticketing software. An API endpoint for downloading export files failed to verify that the requested UUID corresponded to a file intended for download and belonged to the requesting user. This could allow an authenticated attacker with knowledge of a valid file UUID to access files they should not have permission to [truncated]