Weblate Long Session Expiry Vulnerability in Two-Factor Authentication

Vulnerability

Weblate versions prior to 5.13.1 give the session used during second-factor verification an excessively long expiry. Because the pending login stays valid for so long, an attacker who has passed the first factor can keep submitting second-factor attempts against it and so work around the rate limiting applied to the second factor, abusing the authentication process.

Impact

The extended session expiry during two-factor verification can be used to circumvent rate limiting on the second factor: the pending login remains usable for far longer than intended, so an attacker can make many more second-factor attempts against it than the rate limit is meant to permit.
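To make the relationship between session expiry and rate limiting concrete, here is an added illustrative model (not Weblate's code; the page does not state Weblate's actual limits or expiry values). It pairs a windowed rate limit with a pending second-factor state that carries its own time-to-live, and counts how many guesses a single pending login admits before it expires. The class names, the per-window limit of 5, the 60-second window, the 24-hour "weak" TTL, the 5-minute "hardened" TTL and the sample code `482910` are all assumptions chosen for the example.

```python
"""Added illustration (not Weblate's code): the lifetime of the pending
second-factor state, not the per-window rate limit, bounds the total
number of guesses one pending login admits. All names and numbers are
assumptions for this example."""
from dataclasses import dataclass
import hmac
import math


@dataclass
class PendingSecondFactor:
    """Server-side state created once the first factor has been accepted."""
    user: str
    expected_code: str        # constructed sample; real deployments use TOTP/WebAuthn
    created_at: float         # seconds
    ttl_seconds: float        # how long the pending state stays usable
    window_started: float = 0.0
    window_attempts: int = 0

    def __post_init__(self):
        # The first rate-limit window starts when the pending state is created.
        self.window_started = self.created_at


class SecondFactorVerifier:
    """Windowed rate limit: at most `limit` attempts per `window_seconds`.
    On its own this only slows guessing; the TTL is what caps it."""

    def __init__(self, limit=5, window_seconds=60):
        self.limit = limit
        self.window_seconds = window_seconds

    def verify(self, state, code, now):
        """Return 'expired', 'rate_limited', 'wrong' or 'ok'."""
        if now - state.created_at >= state.ttl_seconds:
            return "expired"  # pending login no longer usable, regardless of quota
        if now - state.window_started >= self.window_seconds:
            state.window_started = now  # new window, fresh quota
            state.window_attempts = 0
        if state.window_attempts >= self.limit:
            return "rate_limited"
        state.window_attempts += 1
        if hmac.compare_digest(state.expected_code, code):
            return "ok"
        return "wrong"


def max_guesses(ttl_seconds, limit, window_seconds):
    """Upper bound on guesses one pending state admits: a full quota for
    every window that starts before the state expires."""
    return math.ceil(ttl_seconds / window_seconds) * limit


def simulate_guessing(verifier, ttl_seconds, step_seconds=1.0):
    """Attacker submits one wrong code per `step_seconds` against a single
    pending state until it expires. Returns how many guesses were evaluated."""
    state = PendingSecondFactor("alice", "482910", created_at=0.0,
                                ttl_seconds=ttl_seconds)
    evaluated = 0
    t = 0.0
    while True:
        result = verifier.verify(state, "000000", now=t)
        if result == "expired":
            return evaluated
        if result == "wrong":
            evaluated += 1
        t += step_seconds


if __name__ == "__main__":
    v = SecondFactorVerifier(limit=5, window_seconds=60)
    # Weak setting: a day-long pending state hands the attacker thousands of guesses.
    print("24h TTL:", simulate_guessing(v, 24 * 3600), "guesses")
    # Hardened setting: a short TTL bounds the same attacker to a handful.
    print("5min TTL:", simulate_guessing(v, 5 * 60), "guesses")
```

The per-window limit is identical in both runs; only the expiry differs, which is why shortening it is the right fix for a rate-limit bypass of this kind. Note that a single static `expected_code` stands in for whatever second factor is configured; with rotating TOTP codes the guessing math changes, but the point that the pending state's lifetime bounds the attacker's budget does not.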

Remediation

Upgrade to Weblate 5.13.1 or later, which shortens the session expiry during second-factor verification. Instructions for updating can be found in the Weblate documentation.

Added: Sep 5, 2025, 12:19 AM
Updated: Sep 5, 2025, 12:19 AM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 0.6
exploitability: 5.3
remediation: 7.7
relevance: 0.5
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.