Unvalidated Redirect Vulnerability in Venueless Social Login Feature
CVE-2026-12863

5.1MEDIUM

Key Information:

Vendor: Pretix
Status: Venueless
Vendor: CVE Published:; 22 June 2026

What is CVE-2026-12863?

A vulnerability exists in Venueless' social login feature that allows attackers to exploit unvalidated redirects. This weakness can be manipulated for phishing attacks by redirecting users to malicious domains, all while appearing to come from trusted sources. Organizations using Venueless should evaluate their security measures and ensure their social login implementations are properly validated to prevent potential exploitation.

Affected Version(s)

Venueless 0.0.0

References

https://github.com/venueless/venueless/security/advisorie...

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 22, 2026
Vulnerability Reserved
Jun 22, 2026

Credit

Raju

CVE-2026-12863 Data

JSON

Pretix

What is CVE-2026-12863?

Affected Version(s)

References

CVSS V4

Timeline

Credit