Zero-Click pretalx XSS Flaw Lets Hackers Hijack Conference Organizer Accounts

Cybersecurity researchers at Novee Security have disclosed a dangerous flaw in pretalx, a popular open-source conference-management platform, that lets attackers completely hijack organizer accounts without the victim having to click a single link. It is a high-severity stored Cross-Site Scripting (XSS) vulnerability, tracked as CVE-2026-41241 with a CVSS score of 8.7.
pretalx is widely used to run Call for Papers (CFP) processes and scheduling for everything from hacker camps to academic symposiums. The vulnerability was analyzed by Elad Meged, a founding engineer and security researcher at Novee, who noted that while different events look independent from the outside, they all run on the same underlying codebase, so a single flaw creates systemic exposure across the industry.
Bypassing Content Security Policies
Novee's blog post, shared with Hackread.com, reveals that the attack requires only low privileges and low complexity: any registered user can exploit it by placing HTML or JavaScript in a submission title, which the organizer-side search bar later renders in its dropdown. In effect, the conference site is tricked into running malicious code hidden inside an ordinary presentation submission.
Researchers explain that pretalx uses a strict Content Security Policy (CSP) featuring script-src 'self', and relies on the HTML5 rule that script elements inserted via innerHTML never execute, to prevent unauthorized code execution. Attackers can bypass both defences with a chained exploit. First, they upload a .js payload file disguised as lecture materials or slides to the CFP platform; because the file is stored and served by the platform itself, it is same-origin and therefore permitted by script-src 'self'. The attacker then places an iframe tag in their submission title:
When an organizer searches for common words such as "intro" or "machine learning", the typeahead search renders the title as HTML. The iframe's srcdoc attribute creates a fresh document whose markup is parsed normally, so a script element inside it is not subject to the innerHTML script block, and the same-origin payload passes the script-src 'self' check. Because pretalx's policy sets no frame-src directive, nothing stops the frame from loading. A srcdoc document shares the parent page's origin, so the script gets full access to the organizer's session: instant account hijacking, data theft, and automated acceptance of the attacker's talks.
The analysis also exposed a secondary technique that needs no JavaScript at all. By placing an image tag in a submission title, the attacker makes the organizer's browser issue a GET request for the image source, carrying the organizer's session cookies. The moment the search results render, that request hits a superuser-demotion endpoint, permanently revoking the organizer's admin privileges. Any state-changing endpoint reachable by GET is exposed in the same way.
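The following is an added example written for this article; it is not code from pretalx or from Novee's write-up, and the exact iframe payload is not reproduced on the page. It demonstrates the three checks a practitioner would want after reading the CSP-bypass chain and the image-tag technique above: which CSP directive actually governs an iframe load (frame-src falls back to child-src, then default-src, under CSP Level 3), the typeahead rendering defect beside its fix, and a triage pass over already-stored submission titles. The endpoint path, the payload file name and the sample titles are constructed for illustration.

```javascript
// Added example (editor's code, not pretalx's or Novee's). Runs under Node.
// Endpoint paths, file names and sample titles are constructed, not real.

// --- 1. Which CSP directive governs a nested frame? ----------------------
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

// CSP Level 3 fallback order for frame loads: frame-src, then child-src,
// then default-src. Returns the governing directive, or null when the policy
// leaves frames completely unrestricted (the situation described above).
function governingFrameDirective(header) {
  const policy = parseCsp(header);
  for (const name of ['frame-src', 'child-src', 'default-src']) {
    if (policy.has(name)) return name;
  }
  return null;
}

// --- 2. Typeahead rendering: vulnerable shape beside the hardened one -----
// Vulnerable: the raw title is interpolated into markup that ends up in
// innerHTML. An inline <script> would be suppressed by the HTML5 rule, but
// <iframe srcdoc> and <img src> are live elements that act as soon as parsed.
function renderResultUnsafe(title) {
  return `<li class="search-result">${title}</li>`;
}

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Hardened: the title is escaped, so markup is displayed as text, not parsed.
// Assigning element.textContent instead of innerHTML achieves the same result.
function renderResultSafe(title) {
  return `<li class="search-result">${escapeHtml(title)}</li>`;
}

// --- 3. Triage of titles already stored in a deployment -------------------
// Elements that fetch a resource or create a document the moment they are
// parsed. Any stored title containing one deserves a look before the next
// organizer search renders it.
const ACTIVE_MARKUP =
  /<\s*(iframe|img|object|embed|script|svg|link|meta|form|base|video|audio|source)\b/i;

function titleLooksHostile(title) {
  return ACTIVE_MARKUP.test(title);
}

function triage(titles) {
  return titles.filter(titleLooksHostile);
}

// Constructed sample titles: one benign, one shaped like the srcdoc chain
// (same-origin .js served from an assumed /media/ upload path), one shaped
// like the JavaScript-free image technique against an assumed GET endpoint.
const SAMPLE_TITLES = [
  'Intro to machine learning',
  'Intro talk <iframe srcdoc="&lt;script src=/media/slides.js&gt;&lt;/script&gt;"></iframe>',
  'Intro <img src="/orga/admin/demote-superuser/">',
];

function main() {
  console.log('script-src only   ->', governingFrameDirective("script-src 'self'"));
  console.log('with default-src  ->', governingFrameDirective("default-src 'self'; script-src 'self'"));
  console.log('unsafe render     ->', renderResultUnsafe(SAMPLE_TITLES[2]));
  console.log('safe render       ->', renderResultSafe(SAMPLE_TITLES[2]));
  console.log('hostile titles    ->', triage(SAMPLE_TITLES));
}

main();
```

Two server-side points complement the client-side escaping, stated here as general hardening rather than as pretalx's fix: user uploads should not be able to satisfy script-src 'self', so serve them from a separate origin or with a non-executable Content-Type plus X-Content-Type-Options: nosniff; and framework CSRF protection typically exempts GET, so any endpoint that changes state must require POST and a CSRF token, or the image-tag technique above works without any XSS at all.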
Furthermore, the investigation showed how threat actors could use autonomous AI agents to weaponize the flaw at scale. An agent could scrape public pretalx deployments, generate tailored presentation abstracts with large language models (LLMs), and flood dozens of conferences with the malicious payload simultaneously. It would only need to target the search terms organizers use most for its own submissions to be accepted, theoretically achieving a 100% acceptance rate across 40 or more conferences.
Traditional application security tools fail to catch these attacks. “Static analysis flags innerHTML. DAST scanners replay payloads against forms,” researchers noted, explaining that while tools classify individual bugs as low-risk, they cannot model how an autonomous agent can compose these pieces into a full chain.
Novee praised the pretalx team and creator Tobias Kunze for a quick and cooperative response; the vulnerability was patched on May 27, 2026, in pretalx version v2026.1.0.
HackRead



