CVE-2026-13602: We found a chain of combining multiple weaknesses in the product that could allow an attacker to become any user in the backend and access any data: * The payment inte
We found a chain of combining multiple weaknesses in the product that could allow an attacker to become any user in the backend and access any data:
-
The payment integration plugins Stripe (included in the core system), pretix-mollie, pretix-oppwa, pretix-bitpay, pretix-payone, pretix-secuconnect, pretix-sofort, and pretix-saferpay
contain a code path that is intended for the transport of session
parameters from a tab with isolated cookies (e.g. in the pretix widget)
to a new tab. For this purpose, a set of session parameters is
cryptographically signed and then passed to the new tab as a URL
parameter. The plugins perform no further validation of the session
parameters, other than the cryptographic signature being valid. This is
fixed with the releases issued today by strictly validating that no
session parameters outside of the scope of the respective plugin may be
set.
-
An unrelated feature in the core system is used to generate redirect links that obfuscate any Referer
headers for outgoing links to prevent leakage of secrets in URLs. This
redirect page also requires cryptographically signed parameters.
Unfortunately, it uses the same key and salt for the signature as the
previously mentioned feature in the payment integration plugins. A
motivated attacker with access to at least one event in the backend can
trick the system into cryptographically signing arbitrary content using
specially crafted links. In combination with the previous issue, the
attacker could use this to set and modify arbitrary parameters on their
user session by injecting the signed parameters into the feature of the
payment providers. This is fixed with the releases issued today by using
different salts for the signature for each plugin and feature.
-
A third, unrelated feature in the core system is used for admin users
to act on behalf of another user, mostly for debugging purposes. With
being able to insert arbitrary parameters into
Details
Original advisory: https://nvd.nist.gov/vuln/detail/CVE-2026-13602
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-136020.24% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 15% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-13602 | coverage & exploitation status | NVD · CVE.org |
Recent advisories for We found a
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- mediumCVE-2026-15471: A vulnerability was found in Eleveo Call Recording Software 9.7.0. This affects an unknown par…nvd · 2026-07-12
- mediumCVE-2026-15470: A vulnerability has been found in Eleveo Call Recording Software 9.7.0. Affected by this issue…nvd · 2026-07-12
- mediumCVE-2026-15376: A vulnerability was found in Eleveo Call Recording Software 9.7.0. Affected is an unknown func…nvd · 2026-07-10
- mediumCVE-2026-15375: A vulnerability has been found in Eleveo Call Recording Software 9.7.0. This impacts an unknow…nvd · 2026-07-10
- mediumCVE-2026-15374: A flaw has been found in Eleveo Call Recording Software 9.7.0. This affects an unknown functio…nvd · 2026-07-10
- criticalCVE-2026-15143: A flaw was found in the file_type content detector of guardrails-detectors. This vulnerability…nvd · 2026-07-10
More from NVD Recent CVEs
- mediumCVE-2026-15475: A weakness has been identified in MiniTool Partition Wizard up to 13.6. The affected element i…2026-07-12
- mediumCVE-2026-15474: A security flaw has been discovered in Eleveo Call Recording Software 9.7.0. Impacted is an un…2026-07-12
- mediumCVE-2026-15473: A vulnerability was identified in Eleveo Call Recording Software 9.7.0. This issue affects som…2026-07-12
- mediumCVE-2026-15472: A vulnerability was determined in Eleveo Call Recording Software 9.7.0. This vulnerability aff…2026-07-12
- mediumCVE-2026-15471: A vulnerability was found in Eleveo Call Recording Software 9.7.0. This affects an unknown par…2026-07-12