Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server.
"https://github.com/pypa/advisory-database/blob/main/vulns/mailman/PYSEC-2026-658.yaml"