CVE-2026-57536
MediumCVSS 6.3Summary
Our payment integration with Mollie did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one payment.
Risk Assessment
The risk is the possibility of gaining unauthorized access to multiple tickets without paying the full cost, leading to financial losses and compromise of the booking system's integrity.
Recommendation
Implement a mechanism to verify the uniqueness of payment status responses, such as checking the transaction ID or a one-time token, to prevent reuse of the same response for different payments.
Original NVD description (English source)
Our payment integration with Mollie did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one payment.

