Improper input validation in Pretix

CVE-2026-13602

We found a chain of combining multiple weaknesses in the product that could allow an attacker to become any user in the backend and access any data: * The payment integration plugins Stripe (included in the core system), preti…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

Affected products

Weakness classification (CWE)

References