MoinMoin before 20070507 does not properly enforce ACLs for calendars and includes, which allows remote attackers to read certain pages via unspecified vectors.
"https://github.com/pypa/advisory-database/blob/main/vulns/moin/PYSEC-2026-675.yaml"