Formula Injection Vulnerability in Venueless Application
CVE-2026-12862

5.1MEDIUM

Key Information:

Vendor: Pretix
Status: Venueless
Vendor: CVE Published:; 22 June 2026

What is CVE-2026-12862?

A vulnerability exists in the Venueless application where untrusted user data is transferred directly into Excel export files for administrators. This flaw allows for formula injection attacks, enabling malicious users to compromise the environment of anyone who opens the exported file. Consequently, this jeopardizes sensitive data and organizational security, highlighting the need for stringent data validation mechanisms to prevent exploitation.

Affected Version(s)

Venueless 0.0.0 < 0a35457f

References

https://github.com/venueless/venueless/security/advisorie...

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 22, 2026
Vulnerability Reserved
Jun 22, 2026

Credit

Rokkam Vamshi

CVE-2026-12862 Data

JSON

Pretix

What is CVE-2026-12862?

Affected Version(s)

References

CVSS V4

Timeline

Credit