Skip to main content

Pretix Computop

1 CVEs product

Monthly

CVE-2026-13223 MEDIUM PATCH This Month

Payment response replay in the pretix-computop integration allows an unauthenticated network attacker to obtain multiple valid event tickets by paying only once. The Pretix Computop plugin fails to bind successful payment status responses to their originating transaction, so a response captured from a completed payment can be submitted against any other pending order. No active exploitation has been confirmed (not listed in CISA KEV) and no public exploit code has been identified, though the vendor disclosed the issue alongside a fix on 2026-06-25.

Information Disclosure Pretix Computop
NVD
CVSS 4.0
6.3
EPSS
0.3%
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Payment response replay in the pretix-computop integration allows an unauthenticated network attacker to obtain multiple valid event tickets by paying only once. The Pretix Computop plugin fails to bind successful payment status responses to their originating transaction, so a response captured from a completed payment can be submitted against any other pending order. No active exploitation has been confirmed (not listed in CISA KEV) and no public exploit code has been identified, though the vendor disclosed the issue alongside a fix on 2026-06-25.

Information Disclosure Pretix Computop
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy