Media Export Vulnerability in Gift Card Secrets for Pretix
CVE-2026-11764
3.6 LOW
What is CVE-2026-11764?
A vulnerability in Pretix allows unauthorized users to access the secrets of connected gift cards when exporting reusable media. The media export includes the sensitive gift card secrets even when the exporting user lacks permission to view those gift cards. This behavior is inconsistent with the user interface and API, which display only the initial characters of gift card secrets, and it creates a significant security risk by bypassing established permissions.
Affected Version(s)
pretix 2024.1.0 < 2026.3.0
pretix 2026.3.0 < 2026.4.0
pretix 2026.4.0 < 2026.5.0
