CVE-2026-13222

UNKNOWN 0.0

Insufficient validation of payment status in pretix-oppwa

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Our payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one payment.

CWE	CWE-841
Vendor	pretix
Product	pretix-oppwa
Published	Jun 25, 2026
Last Updated	Jun 25, 2026

Stay Ahead of the Next One

Get instant alerts for pretix pretix-oppwa

Be the first to know when new unknown vulnerabilities affecting pretix pretix-oppwa are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

pretix / pretix-oppwa

0 < 1.4.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

pretix.eu: https://pretix.eu/about/en/blog/20260625-release-2026-5-2/

Credits

Deepjyoti Roy