Pretix · Pretix · CVE-2026-9712
**Name of the Vulnerable Software and Affected Versions**
pretix (affected versions not specified)
**Description**
An insecure direct object reference (IDOR) exists in the creation of exports through the API. When an export job is created, the API client receives a UUID (Universally Unique Identifier), which it then uses to request the actual file for download. A specific API endpoint does not verify that the provided UUID belongs to a file intended for download, or that the file belongs to the requesting user. Exploitation requires the attacker to obtain a valid UUID for the target file, which typically requires access to system logs or a separate security breach.
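The two missing checks, shown in an added example that is not pretix code: a minimal in-memory model that contrasts a lookup serving any valid UUID with one that verifies file type and ownership. `FILES`, `StoredFile`, the `owner` and `purpose` fields and both handler names are hypothetical.

```python
import uuid
from dataclasses import dataclass

@dataclass(frozen=True)
class StoredFile:
    owner: str      # API client that created the file (hypothetical field)
    purpose: str    # "export" for downloadable results, anything else is internal
    content: bytes

FILES = {}  # hypothetical file store, keyed by UUID string

def store(owner, purpose, content):
    file_id = str(uuid.uuid4())
    FILES[file_id] = StoredFile(owner, purpose, content)
    return file_id

def download_vulnerable(requester, file_id):
    """Pattern from the description: any valid UUID is served."""
    stored = FILES.get(file_id)
    if stored is None:
        raise LookupError("not found")
    return stored.content

def download_hardened(requester, file_id):
    """Serve a file only if it is an export created by the requester."""
    try:
        key = str(uuid.UUID(file_id))  # reject malformed identifiers
    except (ValueError, AttributeError, TypeError):
        raise LookupError("not found")
    stored = FILES.get(key)
    # Same error for missing, foreign and non-export files, so the
    # response does not reveal which UUIDs exist.
    if stored is None or stored.purpose != "export" or stored.owner != requester:
        raise LookupError("not found")
    return stored.content

def is_denied(handler, requester, file_id):
    try:
        handler(requester, file_id)
        return False
    except LookupError:
        return True

# Constructed sample data: one export per client plus one internal file.
ALICE_EXPORT = store("alice", "export", b"alice orders")
BOB_EXPORT = store("bob", "export", b"bob orders")
INTERNAL_FILE = store("alice", "internal", b"not meant for download")
```

Returning the same "not found" result for every rejected case keeps the endpoint from confirming that a guessed or leaked UUID is valid.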
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.