HTML Injection Vulnerability in Pretix by Pretix GmbH
CVE-2026-57533

2.1 LOW

Key Information:

Vendor: Pretix

Status
Vendor
CVE Published: 25 June 2026

What is CVE-2026-57533?

A vulnerability in Pretix allows for the injection of malicious HTML content when users are redirected to untrusted pages. This could be exploited to conduct phishing attacks, as the affected page's Content-Security-Policy may not effectively mitigate such threats, placing users at risk of credential theft and data compromise.

Affected Version(s)

pretix 0 < 2026.3.4

pretix 2026.4.0 < 2026.4.4

pretix 2026.5.0 < 2026.5.2

CVSS V4

Score: 2.1
Severity: LOW
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Haxset