CVE-2026-2415 Unsafe variable evaluation in email templates

🗓️ 16 Feb 2026 10:15:09Reported by rami.ioType

CVE-2026-2415 enables data exfiltration via crafted placeholders and double evaluation in email templates.

Reporter	Title	Published	Views	Family All 15
ATTACKERKB	CVE-2026-2415	16 Feb 202610:15	–	attackerkb
CNNVD	pretix 安全漏洞	16 Feb 202600:00	–	cnnvd
CVE	CVE-2026-2415	16 Feb 202610:15	–	cve
EUVD	EUVD-2026-6097	16 Feb 202612:30	–	euvd
Github Security Blog	pretix unsafely evaluates variables in emails	16 Feb 202612:30	–	github
NVD	CVE-2026-2415	16 Feb 202611:15	–	nvd
OSV	GHSA-R8P8-QW9W-J9QV pretix unsafely evaluates variables in emails	16 Feb 202612:30	–	osv
OSV	PYSEC-2026-110	16 Feb 202611:15	–	osv
Positive Technologies	PT-2026-8331	16 Feb 202600:00	–	ptsecurity
PyPA	PYSEC-2026-110	16 Feb 202611:15	–	pypa

[
  {
    "collectionURL": "https://pypi.org/",
    "defaultStatus": "unaffected",
    "packageName": "pretix",
    "product": "pretix",
    "repo": "https://github.com/pretix/pretix",
    "vendor": "pretix",
    "versions": [
      {
        "lessThan": "2025.9.0",
        "status": "affected",
        "version": "4.16.0",
        "versionType": "python"
      },
      {
        "changes": [
          {
            "at": "2025.9.4",
            "status": "unaffected"
          }
        ],
        "lessThan": "2025.10.0",
        "status": "affected",
        "version": "2025.9.0",
        "versionType": "python"
      },
      {
        "changes": [
          {
            "at": "2025.10.2",
            "status": "unaffected"
          }
        ],
        "lessThan": "2026.1.0",
        "status": "affected",
        "version": "2025.10.0",
        "versionType": "python"
      },
      {
        "lessThan": "2026.1.1",
        "status": "affected",
        "version": "2026.1.0",
        "versionType": "python"
      }
    ]
  }
]

Source	Link
pretix	www.pretix.eu/about/en/blog/20260216-release-2026-1-1/

16 Feb 2026 10:15Current

CVSS 49

EPSS0.00243

CWE-627