CVE-2026-57532
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
Malicious HTML content contained in the layout specification of a PDF ticket or badge layout was executed when the PDF editor was opened in the browser. This could allow one backend user to inject JavaScript into the browser context of another backend user. Due to requirements of the PDF rendering and editing libraries used, this is one of the few pages in our backend that do not have a strong Content-Security-Policy that would render this capability useless for most scenarios.
| CWE | CWE-80 |
| Vendor | pretix |
| Product | pretix |
| Published | Jun 25, 2026 |
| Last Updated | Jun 25, 2026 |
Affected Versions
pretix / pretix
| 0 < 2026.3.4 |
| 2026.4.0 < 2026.4.4 |
| 2026.5.0 < 2026.5.2 |