Improper Permissions in VenueLess Room Creation Affects Venueless Platform
CVE-2026-13350

2.3LOW

Key Information:

Vendor: Pretix
Status: Venueless
Vendor: CVE Published:; 25 June 2026

What is CVE-2026-13350?

A vulnerability in the VenueLess platform arises from incorrect permission checks during the creation of rooms. This flaw allows attackers to create rooms of types that they do not have the authorization for, potentially leading to unauthorized access and misuse of platform functionalities. Organizations using the VenueLess platform should take immediate actions to evaluate and strengthen their permission settings to mitigate this risk.

Affected Version(s)

Venueless 0.0.0 < 0a35457f

References

https://github.com/venueless/venueless/security/advisorie...

CVSS V4

Score:

2.3

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2026
Vulnerability Reserved
Jun 25, 2026

Credit

Rokkam Vamshi

CVE-2026-13350 Data

JSON

Pretix

What is CVE-2026-13350?

Affected Version(s)

References

CVSS V4

Timeline

Credit