{"id":"PYSEC-2026-674","summary":"MoinMoin Improper Privilege Management","details":"MoinMoin 1.2.2 and earlier could allow a remote attacker to gain elevated privileges, caused by an undisclosed Access Control List (ACL) vulnerability in the PageEditor.\n\n","aliases":["CVE-2004-1463","GHSA-9xh4-wpx8-rg2w"],"modified":"2026-07-06T08:00:44.812634316Z","published":"2026-07-02T14:13:18.763018Z","references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2004-1463"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/16832"},{"type":"WEB","url":"http://sourceforge.net/project/shownotes.php?group_id=8482&release_id=254801"},{"type":"WEB","url":"http://www.gentoo.org/security/en/glsa/glsa-200408-25.xml"},{"type":"WEB","url":"http://www.osvdb.org/displayvuln.php?osvdb_id=8195"},{"type":"WEB","url":"http://www.securityfocus.com/bid/10801"},{"type":"PACKAGE","url":"https://pypi.org/project/moin"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-9xh4-wpx8-rg2w"}],"affected":[{"package":{"name":"moin","ecosystem":"PyPI","purl":"pkg:pypi/moin"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.3"}]}],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/moin/PYSEC-2026-674.yaml"}}],"schema_version":"1.7.5"}