Open Redirect in Pretix Venueless

CVE-2026-12863

An unvalidated redirect was contained in Venueless' social login functionality and could be exploited for phishing using trusted domains.

Vulnerability class: Open Redirect

Affected products

Pretix Venueless — versions 0.0.0

Weakness classification (CWE)

CWE-601 — URL Redirection to Untrusted Site (Open Redirect)

References

655498c3-6ec5-4f0b-aea6-853b334d05a6