How to guarantee a speaker gig: Hack the system. Literally
ID: 2cb747fb-705f-5ed2-a71d-ab6aabb89e82
STIX ID: report--2cb747fb-705f-5ed2-a71d-ab6aabb89e82
Feed Name: The Register (Security)
A security researcher discovered CVE-2026-41241, a stored XSS vulnerability in pretalx (conference management software). The flaw could execute attacker-controlled JavaScript in organizer interfaces, expose CSRF tokens, and enable organizer-level actions such as modifying submissions or impersonating staff. It was responsibly disclosed and fixed in pretalx 2026.1.0. Many public deployments exist, but the researcher found no evidence of malicious real-world exploitation.
