CVE-2026-12863

Summary

An unvalidated redirect was contained in Venueless' social login functionality and could be exploited for phishing using trusted domains.

Affected Software

VendorProductVersion RangeStatus
pretixVenueless0.0.0 < d27864a7affected

Weaknesses

  • CWE-601: CWE-601 URL redirection to untrusted site ('open redirect')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References