pretix Newsletter Plugin Unsafe Placeholder Evaluation Vulnerability

Vulnerability

A vulnerability exists in the pretix newsletter plugin, allowing for the exfiltration of sensitive system information through improperly sanitized email placeholders. Users with control over email templates could exploit this to access confidential data such as database passwords and API keys. The issue arises from a flaw in the plugin's placeholder handling, which failed to fully implement existing security measures. As a precaution, users are advised to rotate any passwords and API keys stored in their pretix configuration file.
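
The class of flaw described above, shown as an added example that is not the plugin's code or its patch. It assumes templates are rendered with Python str.format-style placeholders, which the advisory does not state; Event, unsafe_render, render and the sample values are hypothetical. The hardened renderer accepts only flat placeholder names present in the context and rejects attribute or index traversal.

```python
import string


class Event:
    """Constructed stand-in for an object passed into a template context."""

    def __init__(self):
        self.name = "Demo Conf"
        self.internal_token = "constructed-secret"  # sample value, not real


def unsafe_render(template, context):
    # str.format resolves "{event.attr}" and "{event[key]}" by walking the
    # object, so a template author can reach data never meant for email.
    return template.format(**context)


class FlatPlaceholderFormatter(string.Formatter):
    """Accept only plain {name} placeholders that are in the context."""

    def get_field(self, field_name, args, kwargs):
        # Names with "." or "[", positional fields and unknown keys all fail
        # this lookup; placeholders nested in a format spec pass through here too.
        if field_name not in kwargs:
            raise ValueError(f"placeholder not allowed: {field_name!r}")
        return kwargs[field_name], field_name


def render(template, context):
    # Flatten values to strings first so no live object reaches the formatter.
    flat = {key: str(value) for key, value in context.items()}
    return FlatPlaceholderFormatter().vformat(template, (), flat)


if __name__ == "__main__":
    ctx = {"event": Event()}
    print(unsafe_render("Token: {event.internal_token}", ctx))
    print(render("Welcome to {event_name}", {"event_name": ctx["event"].name}))
    try:
        render("Token: {event.internal_token}", ctx)
    except ValueError as exc:
        print("rejected:", exc)
```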

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information, including system configuration details, database passwords, and API keys.

Remediation

Users of the pretix newsletter plugin should update to version 2.0.1 or 1.6.3, both of which address this vulnerability.

Added: Feb 16, 2026, 12:26 PM
Updated: Feb 16, 2026, 12:26 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 2.5
exploitability: 6.4
remediation: 8.3
relevance: 3.2
threat: 6.4
urgency: 10.0
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.