CVE Catalog

CVE-2026-57536

MediumCVSS 6.3
Published: Updated: Translated: NVD NIST

Summary

Our payment integration with Mollie did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one payment.

Risk Assessment

The risk is the possibility of gaining unauthorized access to multiple tickets without paying the full cost, leading to financial losses and compromise of the booking system's integrity.

Recommendation

Implement a mechanism to verify the uniqueness of payment status responses, such as checking the transaction ID or a one-time token, to prevent reuse of the same response for different payments.

Original NVD description (English source)

Our payment integration with Mollie did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one payment.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS