PYSEC-2026-734

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2026-734.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-734
Aliases
Published
2026-07-02T14:13:20.849677Z
Modified
2026-07-06T08:00:50.589614011Z
Summary
Plone CMS Improper Session Management
Details

Plone CMS before 3 places a base64 encoded form of the username and password in the __ac cookie for all user accounts, which makes it easier for remote attackers to obtain access by sniffing the network.

References

Affected packages

PyPI / plone

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2026-734.yaml"