CVE-2026-13223
MediumCVSS 6.3Summary
The payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one payment.
Risk Assessment
The risk involves the possibility of obtaining unauthorized access to multiple tickets or services without paying the full cost, leading to financial losses and system integrity compromise.
Recommendation
Implement a mechanism that binds the payment status response to a unique transaction identifier to prevent reuse of the same response for different payments.
Original NVD description (English source)
Our payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one payment.

