MEDIUM 4.3
PYSEC-2026-1990
trytond allows remote attackers to obtain sensitive trace-back (server setup) information
Details
Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back (server setup) information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.
Are you affected?
Enter the version of the package you're using.
Affected packages
References
- https://nvd.nist.gov/vuln/detail/CVE-2025-66422 [ADVISORY]
- https://discuss.tryton.org/t/security-release-for-issue-14354/8950 [WEB]
- https://foss.heptapod.net/tryton/tryton/-/issues/14354 [WEB]
- https://github.com/tryton/trytond [PACKAGE]
- https://pypi.org/project/trytond [PACKAGE]
- https://github.com/advisories/GHSA-jqfc-9q34-prhg [ADVISORY]