Promo Code Validation Flaw in Hi.Events by Hi.Events Dev
CVE-2026-57959

8.2HIGH

Key Information:

Vendor: Hieventsdev
Status: Hi.events
Vendor: CVE Published:; 29 June 2026

🔔 Create Hieventsdev Vulnerability Alert

What is CVE-2026-57959?

Hi.Events versions up to 1.9.0 exhibit a vulnerability in the promo code validation mechanism. This flaw allows attackers to bypass usage limits on promo codes, enabling them to redeem codes an unlimited number of times. The issue arises from a race condition between the validation of usage counts and the asynchronous increment of usage statistics. As a result, attackers can exploit this weakness to reserve multiple orders using the same promo code, effectively obtaining discounts on orders without appropriate limitations. This vulnerability poses significant risks to businesses relying on promo codes for sales and discounts, allowing fraudulent transactions through sequential reservations.

Affected Version(s)

Hi.Events 0 <= 1.9.0

References

https://github.com/HiEventsDev/Hi.Events/issues/1223

issue-tracking

https://www.vulncheck.com/advisories/hi-events-promo-code...

third-party-advisory

CVSS V4

Score:

8.2

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 29, 2026
Vulnerability Reserved
Jun 26, 2026

Credit

George Chen

CVE-2026-57959 Data

JSON