
Vulnerability in Popular Conference Software Granted Attackers a 100% Talk Acceptance Rate

SecurityWeek, 27/05/2026, 14:30

Summary

AI-Generated

Key Points:

  • A high-severity vulnerability (CVE-2026-41241) in Pretalx lets a registered speaker plant a stored XSS payload in a submission; the script runs in an organizer's browser when they search for submissions, compromising the organizer's account.
  • The flaw affects numerous conferences using the same Pretalx codebase, enabling widespread exploitation with a potential 100% acceptance rate for malicious submissions.
  • Immediate patching to version 2026.1.0 is recommended to mitigate this vulnerability and prevent automated exploitation.

Technical Details: CVE-2026-41241 is a stored XSS vulnerability that can be exploited by submitting booby-trapped proposals, leading to unauthorized script execution in organizers' browsers when they search for submissions.

MITRE ATT&CK Techniques:

  • T1071.001 - Application Layer Protocol: Web Protocols (Command and Control)
  • T1203 - Exploit Public-Facing Application (Initial Access)

IOCs Mentioned: none.


