PYSEC-2026-2964

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/products-cmfplone/PYSEC-2026-2964.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-2964
Aliases
Published
2026-07-09T16:49:46.423703Z
Modified
2026-07-13T16:43:05.451573089Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
  • 8.2 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
Plone unauthorized member addition vulnerability
Details

Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator.

References

Affected packages

PyPI / products-cmfplone

Package

Name
products-cmfplone
View open source insights on deps.dev
Purl
pkg:pypi/products-cmfplone

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.3.0
Fixed
4.3.7
Introduced
5.0a1
Fixed
5.0rc2

Affected versions

4.*
4.0b1
4.1a1
4.1a2
4.1a3
4.1b1
4.1b2
4.1rc2
4.1rc3
4.1
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.2a1
4.2a2
4.2b1
4.2b2
4.2rc1
4.2rc2
4.2
4.2.0.1
4.2.1
4.2.1.1
4.2.2
4.2.3
4.2.4
4.2.5
4.2.6
4.2.7
4.3a1
4.3a2
4.3b1
4.3b2
4.3rc1
4.3
4.3.1
4.3.2
4.3.3
4.3.4
4.3.4.1
4.3.5
4.3.6
5.*
5.0a1
5.0a2
5.0a3
5.0b1
5.0b1.post1
5.0b2
5.0b3
5.0b4
5.0rc1

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/products-cmfplone/PYSEC-2026-2964.yaml"