Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role).
"https://github.com/pypa/advisory-database/blob/main/vulns/plone-supermodel/PYSEC-2026-737.yaml"