How to guarantee a speaker gig: Hack the system. Literally
A security researcher discovered a vulnerability in the pretalx platform that allowed him to manipulate conference speaker submissions. By exploiting this flaw, he was able to secure speaking engagements at multiple tech conferences without submitting malicious content. The vulnerability has since been patched, and the researcher emphasized responsible disclosure to affected conferences.
- The vulnerability, identified as CVE-2026-41241, is a stored cross-site scripting (XSS) flaw in the pretalx platform.
- The researcher, Elad Meged, used the flaw to auto-apply for 40 conferences and was accepted to present at all of them.
- The flaw was patched in April 2026, and the researcher followed up with conferences to ensure responsible disclosure.
Opening excerpt (first ~120 words)
Security
How to guarantee a speaker gig: Hack the system. Literally
Make your mark on the call-for-proposal platform
Jessica Lyons
Published Wed 27 May 2026 // 13:00 UTC
A security researcher found a foolproof way to guarantee tech conferences accept his speaker submissions: hack their systems. CVE-2026-41241 is a stored cross-site scripting (XSS) vulnerability in pretalx, a popular open source tool that conference organizers use to manage speaker submissions and schedules,…
Excerpt limited to ~120 words for fair-use compliance. The full article is at www.theregister.com - Articles.