Pretix Gift Card Secret Exposure Vulnerability

Vulnerability

A vulnerability in Pretix allows unauthorized access to gift card secrets through the media export. The export includes full gift card secrets, whereas the UI and API display only the initial letters of the secrets. A user who can access reusable media but lacks permission to view gift cards can therefore obtain the full secrets, which is a permission bypass. All supported Pretix versions from 2024.1.0 to 2026.5.0, except the fixed versions, are vulnerable.
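The flaw class described above, as an added Python sketch that is not Pretix code: an export that writes the full secret for every caller, next to one that routes through the same masking decision as the UI/API. The class and function names, the three-character visible prefix, the permission-gated full view and the sample data are assumptions made for illustration.

```python
import csv
import io
from dataclasses import dataclass
from typing import Callable, List, Optional

VISIBLE_PREFIX = 3  # assumption: number of leading characters the UI/API show


@dataclass
class GiftCard:  # hypothetical model, not Pretix's own class
    secret: str


@dataclass
class Medium:  # hypothetical reusable-medium record
    identifier: str
    giftcard: Optional[GiftCard] = None


def display_secret(card: Optional[GiftCard], may_view_giftcards: bool) -> str:
    """One shared decision point for how much of a secret any output may carry."""
    if card is None:
        return ""
    if may_view_giftcards:
        return card.secret
    return card.secret[:VISIBLE_PREFIX] + "..."


def _to_csv(media: List[Medium], render: Callable[[Optional[GiftCard]], str]) -> str:
    out = io.StringIO()
    writer = csv.writer(out)
    writer.writerow(["identifier", "giftcard_secret"])
    for m in media:
        writer.writerow([m.identifier, render(m.giftcard)])
    return out.getvalue()


def export_media_flawed(media: List[Medium]) -> str:
    """Models the reported behaviour: full secret written for every caller."""
    return _to_csv(media, lambda c: c.secret if c else "")


def export_media_hardened(media: List[Medium], may_view_giftcards: bool) -> str:
    """Export reuses display_secret(), so it cannot reveal more than the UI/API."""
    return _to_csv(media, lambda c: display_secret(c, may_view_giftcards))


# Constructed sample data (not real secrets)
SAMPLE = [Medium("NFC-0001", GiftCard("CONSTRUCTEDSECRET1")), Medium("NFC-0002")]
```

The same comparison works as a regression test: assert that an export produced for a user without gift card permission never contains a full secret.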

Impact

Exploitation of this vulnerability leads to unauthorized access to gift card secrets, allowing users to bypass permission restrictions.

Remediation

Users can upgrade to Pretix versions 2026.5.1, 2026.4.3, or 2026.3.3 to address this vulnerability. For those using Pretix Hosted, the vulnerability has already been fixed.

Added: Jun 9, 2026, 1:52 PM
Updated: Jun 9, 2026, 1:52 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 3.1
exploitability: 5.4
remediation: 7.7
relevance: 9.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.