{"id":"PYSEC-2026-658","summary":"Mailman Sensitive Information Disclosure","details":"Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server.","aliases":["CVE-2004-0412","GHSA-hj4h-vqpq-95wg"],"modified":"2026-07-06T08:00:43.408562629Z","published":"2026-07-02T14:13:18.155048Z","references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2004-0412"},{"type":"WEB","url":"https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123559"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/16256"},{"type":"WEB","url":"https://gitlab.com/mailman"},{"type":"WEB","url":"http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842"},{"type":"WEB","url":"http://mail.python.org/pipermail/mailman-announce/2004-May/000072.html"},{"type":"WEB","url":"http://marc.info/?l=bugtraq&m=109034869927955&w=2"},{"type":"WEB","url":"http://secunia.com/advisories/11701"},{"type":"WEB","url":"http://security.gentoo.org/glsa/glsa-200406-04.xml"},{"type":"WEB","url":"http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:051"},{"type":"WEB","url":"http://www.securityfocus.com/bid/10412"},{"type":"PACKAGE","url":"https://pypi.org/project/mailman"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-hj4h-vqpq-95wg"}],"affected":[{"package":{"name":"mailman","ecosystem":"PyPI","purl":"pkg:pypi/mailman"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.5"}]}],"versions":["3.0.0b3-"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/mailman/PYSEC-2026-658.yaml"}}],"schema_version":"1.7.5"}