CVE-2026-5600

🗓️ 08 Apr 2026 12:24:51Reported by rami.ioType

CVE-2026-5600: API endpoint returns all organizer check-in events instead of one, exposing ticket scan data.

Reporter	Title	Published	Views	Family All 14
ATTACKERKB	CVE-2026-5600	8 Apr 202612:24	–	attackerkb
Circl	CVE-2026-5600	8 Apr 202604:16	–	circl
CNNVD	pretix 安全漏洞	8 Apr 202600:00	–	cnnvd
Cvelist	CVE-2026-5600	8 Apr 202612:24	–	cvelist
EUVD	EUVD-2026-20463	8 Apr 202615:31	–	euvd
Github Security Blog	pretix: API leaks check-in data between events of the same organizer	8 Apr 202615:31	–	github
NVD	CVE-2026-5600	8 Apr 202613:16	–	nvd
OSV	GHSA-WR8Q-C73G-M7GP pretix: API leaks check-in data between events of the same organizer	8 Apr 202615:31	–	osv
OSV	PYSEC-2026-111	8 Apr 202613:16	–	osv
Positive Technologies	PT-2026-31303	8 Apr 202600:00	–	ptsecurity

NVD

Node

pretix pretixRange2025.10.0–2026.1.2

pretix pretixRange2026.2.0–2026.2.1

pretix pretixRange2026.3.0–2026.3.1

[
  {
    "vendor": "pretix",
    "product": "pretix",
    "collectionURL": "https://pypi.python.org",
    "packageName": "pretix",
    "versions": [
      {
        "status": "affected",
        "version": "2025.10.0",
        "lessThan": "2026.1.2",
        "versionType": "python"
      },
      {
        "status": "affected",
        "version": "2026.2.0",
        "lessThan": "2026.2.1",
        "versionType": "python"
      },
      {
        "status": "affected",
        "version": "2026.3.0",
        "lessThan": "2026.3.1",
        "versionType": "python"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
pretix	www.pretix.eu/about/en/blog/20260408-release-2026-3-1/

24 Apr 2026 17:46Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.14.3

CVSS 45.5

EPSS0.00011

SSVC

CWE-653