VDB
KO

PYSEC-2026-658

Mailman Sensitive Information Disclosure

Details

Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / mailman
Introduced in: 0 Fixed in: 2.1.5
Fix pip install --upgrade 'mailman>=2.1.5'

References