CVE-2026-2451P3MEDIUMCVSS 6.5≥ 1.0.0, < 1.3.22026-02-16
CVE-2026-2451 [MEDIUM] CWE-627 CVE-2026-2451: Emails sent by pretix can utilize placeholders that will be filled with customer data. For example,
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when {name}
is used in an email template, it will be replaced with the buyer's
name for the final email. This mechanism contained a security-relevant bug:
It was possible to exfiltrate information about the pretix system through specially crafted placeh
nvd