Researchers at Novee Security disclosed CVE-2026-41241, a high-severity stored XSS vulnerability in Pretalx that could let any registered speaker execute malicious JavaScript in an organizer’s browser when the organizer searches for a submission. The issue affected a widely used conference CFP and scheduling platform, was patched in Pretalx 2026.1.0, and could have been abused across many Pretalx-powered events at once. #Pretalx #CVE-2026-41241 #NoveeSecurity
Key points
- Novee Security disclosed a high-severity stored XSS flaw in Pretalx.
- The issue is tracked as CVE-2026-41241.
- A registered speaker could plant code that runs when an organizer searches submissions.
- The vulnerability could impact many conferences using the same Pretalx codebase.
- Pretalx version 2026.1.0 includes the patch for the flaw.