CVE-2026-57535_CVE-2026-57535

2.1 / 10

LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

Description

Content injected to PDF rendering contexts could, in many places, include HTML content including <img> tags. If the src
attribute of these images pointed to an URL, the PDF rendering engine
would download the image from that place and display it, thereby leaking
information about the rendering server and possibly creating an SSRF
vector in the local network.

Basic Information

ID CVE-2026-57535

Source rami.io

Published Jun 25, 2026 at 14:29

Modified Jun 25, 2026 at 15:10

Affected Product

Vendor pretix

Product pretix

Affected Versions pretix pretix 0
pretix pretix 2026.4.0
pretix pretix 2026.5.0

CWE Classification

CWE-80

References

pretix.eu /about/en/blog/20260625-release-2026-5-2/

{
    "lastseen": "",
    "description": "Content injected to PDF rendering contexts could, in many places, include HTML content including <img> tags. If the src\n attribute of these images pointed to an URL, the PDF rendering engine \nwould download the image from that place and display it, thereby leaking\n information about the rendering server and possibly creating an SSRF \nvector in the local network.",
    "published": "2026-06-25T14:29:18.531Z",
    "modified": "2026-06-25T15:10:48.584Z",
    "type": "cve",
    "title": "CVE-2026-57535",
    "source": "rami.io",
    "references": "https://pretix.eu/about/en/blog/20260625-release-2026-5-2/",
    "id": "CVE-2026-57535",
    "bulletinFamily": "",
    "cwe": [
        "CWE-80"
    ],
    "cvelist": null,
    "sourceData": "pretix pretix 0\npretix pretix 2026.4.0\npretix pretix 2026.5.0",
    "sourceHref": "",
    "cvss": {
        "score": 2.1,
        "severity": "LOW",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "pretix",
    "version": "0",
    "vendor": "pretix",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}