CVE-2026-12862

UNKNOWN 0.0

XLSX formula injection in exports

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Untrusted user data was passed verbatim to Excel exports for administrators. This allowed formula injection which can be used to compromise the environment of the user loading the file or other data in the file.

CWE	CWE-148
Vendor	pretix
Product	venueless
Published	Jun 22, 2026
Last Updated	Jun 22, 2026

Stay Ahead of the Next One

Get instant alerts for pretix venueless

Be the first to know when new unknown vulnerabilities affecting pretix venueless are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

pretix / Venueless

0.0.0 < 0a35457f

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/venueless/venueless/security/advisories/GHSA-5hw3-655h-7m86

Credits

Rokkam Vamshi