Is CVE-2026-57532 in the CISA KEV catalog?

No. CVE-2026-57532 is not currently on the CISA Known Exploited Vulnerabilities list.

What is the CVSS severity of CVE-2026-57532?

CVE-2026-57532 has a CVSS v4 base score of 8.8 (HIGH).

What is the EPSS score for CVE-2026-57532?

CVE-2026-57532 has an EPSS score of 0.33% (25th percentile), estimating the probability of exploitation in the next 30 days.

CVE & CISA-KEV Catalog

CVE-2026-57532

HIGH

8.8

CVSS v4

NVD

Description

Malicious HTML content contained in the layout specification of a PDF ticket or badge layout was executed when the PDF editor is opened in the browser. This could allow one backend user to inject JavaScript into the browser context of another backend user. Due to requirements of the PDF rendering and editing libraries used, this is one of the few pages in our backend that do not have a strong Content-Security-Policy that would render this capability useless for most scenarios.

CWE-80

CVSS v4 Vector

Exploitability

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredHigh

Impact

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Exploit Intelligence

0.33%probability of exploitation in 30 days

25thpercentile

Low risk: more likely to be exploited than 25% of all known CVEs.

References

https://pretix.eu/about/en/blog/20260625-release-2026-5-2/

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-06-25.