CVE-2026-57536

UNKNOWN 0.0

Insufficient validation of payment status in pretix-mollie

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Our payment integration with Mollie did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one payment.

CWE	CWE-841
Vendor	pretix
Product	pretix-mollie
Published	Jun 25, 2026
Last Updated	Jun 25, 2026

Stay Ahead of the Next One

Get instant alerts for pretix pretix-mollie

Be the first to know when new unknown vulnerabilities affecting pretix pretix-mollie are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

pretix / pretix-mollie

0 < 2.5.6

References

NVD ↗ CVE.org ↗ EPSS Data ↗

pretix.eu: https://pretix.eu/about/en/blog/20260625-release-2026-5-2/