Security Researcher Exploits XSS Flaw in pretalx to Auto-Accept Conference Talks A security researcher discovered a critical stored cross-site scripting (XSS) vulnerability (CVE-2026-41241) in pretalx, an open-source tool widely used by tech conferences to manage speaker submissions and schedules. The flaw allowed attackers to inject malicious JavaScript into searchable fields such as submission titles, speaker names, or email addresses which would execute when an organizer conducted a search. Once triggered, the payload could access the organizer’s CSRF token, enabling authenticated requests on their behalf, including data modification or exfiltration. The vulnerability was patched in pretalx 2026.1.0 in April. Elad Meged, founding engineer at AI security startup Novee, identified the flaw while preparing conference submissions. Noticing that multiple events including OffensiveCon, TROOPERS, FOSDEM, HEXACON, and Recon used the same pretalx-based system, he tested the exploit by submitting 40 automated proposals under the intentionally bland title "Securing Modern Web Apps." All were accepted, demonstrating the flaw’s potential for abuse. Meged’s team validated the exploit in a local environment, avoiding live testing on public instances. While no active exploitation was detected, the vulnerability posed a serious risk: organizer-level access could have enabled attackers to alter submissions, impersonate staff, or launch phishing campaigns from trusted conference systems. The research leveraged AI-assisted tools to scale discovery, fingerprinting vulnerable deployments, and adapt exploit paths across different pretalx versions. Meged emphasized that while the core vulnerability was simple to exploit, automated agentic systems were crucial for mapping internet-wide exposure and managing responsible disclosure. Tobias Kunze, pretalx’s creator, confirmed receiving 11 security findings from Meged, classifying one as critical and others as non-vulnerability bugs with fixes. The disclosure process was described as professional and collaborative. No evidence suggests the flaw was exploited before Novee’s report.