The DocumentTemplate package in Zope 2.2 and earlier allows a remote attacker to modify DTMLDocuments or DTMLMethods without authorization.
"https://github.com/pypa/advisory-database/blob/main/vulns/zope/PYSEC-2026-760.yaml"