Improper input validation in Pretix
CVE-2026-13602
We found a chain combining multiple weaknesses in the product that could allow an attacker to become any user in the backend and access any data:
- The payment integration plugins Stripe (included in the core system), preti…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
Affected products
- Pretix — versions 4.14.0, 2026.4.0, 2026.5.0
- Pretix Pretix-bitpay — versions 0
- Pretix Pretix-mollie — versions 0
- Pretix Pretix-oppwa — versions 0
- Pretix Pretix-payone — versions 0
- Pretix Pretix-saferpay — versions 0
- Pretix Pretix-secuconnect — versions 0
- Pretix Pretix-sofort — versions 0
Weakness classification (CWE)
References
- 655498c3-6ec5-4f0b-aea6-853b334d05a6 (vendor-advisory)