CVE-2026-57536

Summary

Our payment integration with Mollie did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one payment.

Affected Software

VendorProductVersion RangeStatus
pretixpretix-mollie0 < 2.5.6affected

Weaknesses

  • CWE-841: CWE-841 Improper enforcement of behavioral workflow

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References