A security researcher discovered a guaranteed method to secure speaker gigs at tech conferences by exploiting a vulnerability in pretalx, a popular open-source tool for managing speaker submissions and schedules. The stored cross-site scripting (XSS) flaw, identified as CVE-2026-41241, allows an attacker to inject arbitrary HTML or JavaScript into searchable fields, including submission titles and speaker display names. With it, an attacker can take control of an organizer's session and effectively guarantee acceptance of their own speaker submissions. The flaw is particularly concerning because any user who controls a searchable field can exploit it, which makes it a significant threat to conference organizers using pretalx. The disclosure expands the active attack surface, and conference organizers should prioritize mitigation based on their exposure and any evidence of exploitation. Because hijacked submissions undermine the integrity of tech conferences, organizers should address this vulnerability promptly.
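For organizers looking for the exploitation evidence mentioned above, one check is to audit stored submission titles and speaker display names for values a browser would parse as markup. The script below is an added example, not pretalx's own code: the field names and sample records are constructed assumptions, and real data would come from your own export.

```python
from html import escape
from html.parser import HTMLParser

# The two searchable, attacker-controlled fields the advisory names.
# These key names are assumptions for this example, not pretalx's schema.
SEARCHABLE_FIELDS = ("title", "speaker_display_name")

class MarkupFinder(HTMLParser):
    """Collects reasons a value would be interpreted as markup by a browser."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.reasons = []

    def handle_starttag(self, tag, attrs):
        self.reasons.append(f"tag <{tag}>")
        for name, value in attrs:
            if name.startswith("on"):
                self.reasons.append(f"event handler {name}")
            if value and value.strip().lower().startswith("javascript:"):
                self.reasons.append(f"javascript: URL in {name}")

def find_markup(value):
    """Return the list of markup indicators found in one field value."""
    finder = MarkupFinder()
    finder.feed(value)
    finder.close()
    return finder.reasons

def audit(records):
    """Return (record id, field, reasons, escaped value) per suspicious field."""
    findings = []
    for rec in records:
        for field in SEARCHABLE_FIELDS:
            reasons = find_markup(rec.get(field, ""))
            if reasons:
                findings.append((rec["id"], field, reasons, escape(rec[field])))
    return findings

# Constructed sample records (not real submissions).
SAMPLE = [
    {"id": 1, "title": "Scaling Postgres <-> Kafka pipelines", "speaker_display_name": "A. Rivera"},
    {"id": 2, "title": "My talk <img src=x onerror=alert(1)>", "speaker_display_name": "B. Chen"},
    {"id": 3, "title": "C++ templates: a < b && c > d", "speaker_display_name": "<b>Dana</b>"},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Using a real HTML parser rather than a search for `<` avoids flagging legitimate titles that contain comparison operators or arrows, and the escaped value in each finding is safe to display in a review report.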