_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages. The issue has been fixed on 4a7de0173734.
_macro_Getval
wikimacro.py
"https://github.com/pypa/advisory-database/blob/main/vulns/moin/PYSEC-2026-677.yaml"