HIGHCVE-2026-5599Published Modified CNA rami.io
CVE-2026-5599: API allows deletion of users of other instance
A user with API access and "manage users" permission in any venueless world is able to trigger deletion of user accounts in other worlds.
Metrics
- CVSS v4.0
- 7.3
- Severity
- HIGH
- Fixed in
- 02b9cbe5
- Affected Products
- 1
Fix available
02b9cbe5
Affected packages
- pretix / Venueless< 02b9cbe5 (from 0.0.0)
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:H/SI:H/SA:HReferences