MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges by creating a user with the same name as an existing group that has higher privileges.
"https://github.com/pypa/advisory-database/blob/main/vulns/moin/PYSEC-2026-671.yaml"