CVE-2026-41241
CVE-2026-41241 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. pretalx is a conference planning tool. Prior to 2026.1.0, the organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using innerHTML string interpolation. EPSS estimates a 0.17% chance of exploitation in the next 30 days.
Description
pretalx is a conference planning tool. Prior to 2026.1.0, the organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using innerHTML string interpolation. Any user who controls one of those fields (which includes any registered user whose display name is looked up by an administrator) could include HTML or JavaScript that would execute in an organiser's browser when the organiser's search query matched the malicious record. This vulnerability is fixed in 2026.1.0.
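The following is an added illustration, not pretalx's own code: a hypothetical search-result renderer written the way the advisory describes (interpolating untrusted fields into an HTML string destined for innerHTML) next to a hardened version that HTML-encodes each field first, plus a small check that flags rendered fragments carrying tags the template did not emit. The record, function names and template are constructed for this example.

```javascript
// Added example, not pretalx code. Both renderers are hypothetical and model
// the pattern from the advisory: a dropdown built by interpolating
// user-controlled fields (title, display name, email) into an HTML string.

// Constructed sample record: the display name carries markup with an event handler.
const SAMPLE_RESULT = {
  title: "Talk <i>about</i> security",
  speaker: '<b onmouseover="alert(1)">Alice</b>',
  email: "alice@example.org",
};

// Vulnerable pattern: raw string interpolation, later assigned to innerHTML.
// Whatever markup the user put in the field becomes live DOM in the organiser's browser.
function renderResultUnsafe(r) {
  return `<li><span class="title">${r.title}</span>` +
         `<span class="speaker">${r.speaker}</span>` +
         `<span class="email">${r.email}</span></li>`;
}

// Mitigation: HTML-encode every untrusted field before it reaches innerHTML.
// (Building the nodes with DOM APIs and textContent is the other standard option.)
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

function renderResultSafe(r) {
  return `<li><span class="title">${escapeHtml(r.title)}</span>` +
         `<span class="speaker">${escapeHtml(r.speaker)}</span>` +
         `<span class="email">${escapeHtml(r.email)}</span></li>`;
}

// Review/detection aid: the template emits exactly four opening tags
// (<li> and three <span>); any extra opening tag came from field content.
const TEMPLATE_OPENING_TAGS = 4;

function countOpeningTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

function hasInjectedMarkup(html) {
  return countOpeningTags(html) > TEMPLATE_OPENING_TAGS;
}

console.log("unsafe:", renderResultUnsafe(SAMPLE_RESULT)); // injected tags survive
console.log("safe:  ", renderResultSafe(SAMPLE_RESULT));   // rendered as visible text
```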
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Pretalx | Pretalx | < 2026.1.0 |
References
- https://github.com/pretalx/pretalx/security/advisories/GHSA-cjcx-jfp2-f7m2 (Mitigation, Vendor Advisory)
Source: NVD / NIST
