A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission.
"https://github.com/pypa/advisory-database/blob/main/vulns/plone-app-contenttypes/PYSEC-2026-459.yaml"
"< 2.1.6"