Excel Formula Injection in Pretix Venueless Export (v0.0.0)
CVE-2026-12862 Published on June 22, 2026

XLSX formula injection in exports
Untrusted user data was passed verbatim to Excel exports for administrators. This allowed formula injection which can be used to compromise the environment of the user loading the file or other data in the file.

NVD

Weakness Type

Improper Neutralization of Input Leaders

The application does not properly handle when a leading character or sequence ("leader") is missing or malformed, or if multiple leaders are used when only one should be allowed.

Affected Versions

pretix Venueless:

Version 0.0.0 and below 0a35457f is affected.

Excel Formula Injection in Pretix Venueless Export (v0.0.0)CVE-2026-12862 Published on June 22, 2026

Weakness Type

Improper Neutralization of Input Leaders

Affected Versions

Excel Formula Injection in Pretix Venueless Export (v0.0.0)
CVE-2026-12862 Published on June 22, 2026