The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.
"https://github.com/pypa/advisory-database/blob/main/vulns/pulp-ansible/PYSEC-2026-900.yaml"