CVE Catalog

CVE-2026-13223

MediumCVSS 6.3
Published: Updated: Translated: NVD NIST

Summary

The payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one payment.

Risk Assessment

The risk involves the possibility of obtaining unauthorized access to multiple tickets or services without paying the full cost, leading to financial losses and system integrity compromise.

Recommendation

Implement a mechanism that binds the payment status response to a unique transaction identifier to prevent reuse of the same response for different payments.

Original NVD description (English source)

Our payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one payment.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS