cyberMEDIUM2026-04-24 19:15 UTC

CVE-2026-41426 - pretalx: Email injection via unescaped user-controlled placeholders in pretalx mail templates

CVE ID :CVE-2026-41426 Published : April 24, 2026, 7:15 p.m. | 42 minutes ago Description :pretalx is a conference planning tool. Prior to 2026.1.0, an unauthenticated attacker can send arbitrary HTML-rendered emails from a pretalx instance's configured sender address by embedding malformed HT

ORIGINAL SOURCE →via CVE Feed Latest

⚡ STAY AHEAD

Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.

GET THE SUNDAY BRIEFING →

RELATED · cyber

[CYBER] In 1965 screens got 1.2 hours a day. Now they get 7. The interface did that.
[CYBER] potential crucial vulnerability?
[CYBER] Firestarter malware survives Cisco firewall updates, security patches
[CYBER] CVE-2026-42171 - NSIS Privilege Escalation Vulnerability
[CYBER] CVE-2026-41488 - angchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding
[CYBER] CVE-2026-41481 - LangChain: HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass

Editorial policy · Report a correction