{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-13602/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-07-01T15:27:00.431Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-13602","@id":"https://www.cve.org/CVERecord?id=CVE-2026-13602","description":"We found a chain of combining multiple weaknesses in the product that could allow an attacker to become any user in the backend and access any data:\n\n\n\n\n\n\n\n  *  \n\n\nThe payment integration plugins Stripe (included in the core system), pretix-mollie, pretix-oppwa, pretix-bitpay, pretix-payone, pretix-secuconnect, pretix-sofort, and pretix-saferpay\n contain a code path that is intended for the transport of session \nparameters from a tab with isolated cookies (e.g. in the pretix widget) \nto a new ta"},"products":[{"@id":"cpe:2.3:a:pretix:pretix:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:pretix:pretix:*:*:*:*:*:*:*:*"}},{"@id":"cpe:2.3:a:pretix:pretix-mollie:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:pretix:pretix-mollie:*:*:*:*:*:*:*:*"}},{"@id":"cpe:2.3:a:pretix:pretix-oppwa:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:pretix:pretix-oppwa:*:*:*:*:*:*:*:*"}},{"@id":"cpe:2.3:a:pretix:pretix-bitpay:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:pretix:pretix-bitpay:*:*:*:*:*:*:*:*"}},{"@id":"cpe:2.3:a:pretix:pretix-payone:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:pretix:pretix-payone:*:*:*:*:*:*:*:*"}},{"@id":"cpe:2.3:a:pretix:pretix-secuconnect:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:pretix:pretix-secuconnect:*:*:*:*:*:*:*:*"}},{"@id":"cpe:2.3:a:pretix:pretix-sofort:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:pretix:pretix-sofort:*:*:*:*:*:*:*:*"}},{"@id":"cpe:2.3:a:pretix:pretix-saferpay:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:pretix:pretix-saferpay:*:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"Update to a fixed version: 1.0.4, 1.4.2, 1.4.3, 1.4.4, 1.5.3, 1.6.3, 2.5.7, 2026.3.5, 2026.4.5, 2026.5.3.","timestamp":"2026-07-01T15:27:00.431Z"}]}