Session Management Flaw in Pretix Payment Integration Plugin by Pretix
CVE-2026-13602
7.7 HIGH
Key Information:
- Vendor: Pretix
- CVE Published: 1 July 2026
What is CVE-2026-13602?
The Pretix payment integration plugins contain session management flaws. By manipulating cryptographically signed session parameters, an attacker can gain unauthorized access to backend systems and impersonate any user. The issue arises from insufficient validation of session parameters, which enables potential parameter injection attacks. In addition, cryptographic keys overlap across system features, which can lead to exploitation. The affected plugins have been updated to apply strict validation, so that only legitimate session parameters are processed.
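The two mitigations named above, strict validation of signed parameters and key separation between features, sketched as an added example that is not pretix's or the plugins' own code. The purpose names, field schemas and key are constructed for illustration.

```python
import base64, hashlib, hmac, json

MASTER_KEY = b"constructed-demo-key"  # constructed sample value, not a real secret
# Hypothetical per-feature schemas: the exact set of parameters each may carry.
ALLOWED_FIELDS = {
    "payment_session": {"order", "provider"},
    "email_unsubscribe": {"address"},
}

def purpose_key(purpose: str) -> bytes:
    """Derive one key per feature so a signature made for one feature
    never verifies in another, even though both share MASTER_KEY."""
    return hmac.new(MASTER_KEY, b"purpose:" + purpose.encode(), hashlib.sha256).digest()

def check_fields(purpose: str, params) -> None:
    """Strict validation: known purpose, exact field set, string values only."""
    allowed = ALLOWED_FIELDS.get(purpose)
    if allowed is None:
        raise ValueError("unknown purpose")
    if not isinstance(params, dict) or set(params) != allowed:
        raise ValueError("unexpected or missing parameter")
    if not all(isinstance(v, str) for v in params.values()):
        raise ValueError("non-string value")

def mac(purpose: str, body: bytes) -> bytes:
    return hmac.new(purpose_key(purpose), body, hashlib.sha256).digest()

def sign_params(purpose: str, params: dict) -> str:
    check_fields(purpose, params)
    body = json.dumps(params, sort_keys=True, separators=(",", ":")).encode()
    b64 = base64.urlsafe_b64encode
    return b64(body).decode() + "." + b64(mac(purpose, body)).decode()

def verify_params(purpose: str, token: str) -> dict:
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong shape or bad base64 (binascii.Error is a ValueError)
        raise ValueError("malformed token") from None
    if purpose not in ALLOWED_FIELDS or not hmac.compare_digest(tag, mac(purpose, body)):
        raise ValueError("bad signature")
    params = json.loads(body)  # parsed only after the MAC has been checked
    check_fields(purpose, params)  # re-validate: a valid MAC is not a valid schema
    return params
```

A token signed for one purpose fails verification under any other, and a correctly signed body that carries an extra parameter is still rejected by the schema check.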
Affected Version(s)
pretix 4.14.0 < 2026.3.5
pretix 2026.4.0 < 2026.4.5
pretix 2026.5.0 < 2026.5.3
