Media Export Vulnerability in Gift Card Secrets for Pretix
CVE-2026-11764

3.6 LOW

Key Information:

Vendor

Pretix

Status
Vendor
CVE Published: 9 June 2026

What is CVE-2026-11764?

A vulnerability in Pretix allows unauthorized users to access the secrets of connected gift cards when exporting reusable media. The media export includes the sensitive gift card secrets even when the user lacks permission to view these cards. This behavior is inconsistent with the user interface and API, which display only the initial characters of gift card secrets, and it creates a significant security risk by bypassing established permissions.

Affected Version(s)

pretix 2024.1.0 < 2026.3.0

pretix 2026.3.0 < 2026.4.0

pretix 2026.4.0 < 2026.5.0

CVSS V4

Score: 3.6
Severity: LOW
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Mr. JDH