Skip to main content

pretix-oppwa EUVDEUVD-2026-39414

| CVE-2026-13222 MEDIUM
Improper Enforcement of Behavioral Workflow (CWE-841)
2026-06-25 rami.io GHSA-x48c-p6xp-x2xg
6.3
CVSS 4.0 · Vendor: rami.io
Share

Severity by source

Vendor (rami.io) PRIMARY
6.3 MEDIUM
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
3.7 LOW

AV:N because exploitation is performed remotely via callback replay; AC:H because a prior legitimate payment is a hard prerequisite; PR:N since any public user can make a payment; no confidentiality or availability impact, only limited integrity loss.

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
4.0 AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N

Primary rating from Vendor (rami.io).

CVSS VectorVendor: rami.io

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Patch available
Jun 25, 2026 - 16:03 EUVD
Analysis Generated
Jun 25, 2026 - 15:18 vuln.today

DescriptionCVE.org

Our payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one payment.

AnalysisAI

Payment response replay vulnerability in the pretix-oppwa integration allows a remote attacker to reuse a legitimate Oppwa payment confirmation from one transaction to authorize separate, unpaid orders - effectively obtaining multiple valid event tickets with a single payment. All known versions of the pretix-oppwa plugin (cpe:2.3:a:pretix:pretix-oppwa:*) are affected. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Complete one legitimate Oppwa payment
Delivery
Capture successful payment status callback
Exploit
Submit captured response to unpaid order endpoint
Execution
Plugin accepts response without order binding check
Persist
Receive valid ticket for unpaid order
Impact
Repeat for additional unpaid orders

Vulnerability AssessmentAI

Exploitation The attacker must have completed at least one successful, real payment through the Oppwa-integrated checkout on the target pretix instance in order to obtain a valid payment status response to replay. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 6.3 (Medium) accurately reflects the practical barriers: AC:H and AT:P together require the attacker to first complete a genuine Oppwa payment and obtain its success callback, which is not a trivially automated precondition. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker purchases one event ticket legitimately through an Oppwa-integrated pretix checkout, capturing or logging the successful payment status callback delivered to the pretix-oppwa endpoint. The attacker then replays that same valid response against one or more separate, unpaid orders in the same pretix instance, causing the platform to mark those orders as paid and issue valid tickets without any corresponding financial transaction.
Remediation The primary fix is to upgrade the pretix-oppwa plugin to the version released alongside Pretix 2026-5.2, as documented at https://pretix.eu/about/en/blog/20260625-release-2026-5-2/. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-39414 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy