PT-2026-30436 · Venueless · Venueless
Pratik Karan
·
Published
2026-04-05
·
Updated
2026-04-05
·
CVE-2026-5599
CVSS v4.0
7.3
High
| Vector | AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:H/SI:H/SA:H |
Name of the Vulnerable Software and Affected Versions
venueless versions (affected versions not specified)
Description
A user with API access and "manage users" permission in any venueless world is able to trigger deletion of user accounts in other worlds. The issue involves the ability to delete user accounts across different instances via the API.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Venueless