CVE-2026-12863

MEDIUM

Pretix Venueless < d27864a7 - Open Redirect

Title source: manual

Description

Venueless' social login functionality contained an unvalidated redirect that could be exploited for phishing using trusted domains.

Scores

CVSS v4: 5.1
EPSS: 0.0023
EPSS Percentile: 13.3%
CVSS v4 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-601
Status: published
Products (1): pretix/Venueless 0.0.0 - d27864a7
Published: Jun 22, 2026
Tracked Since: Jun 22, 2026