Weblate Webhook Payload Vulnerability Allowing Unauthorized Repository Updates

Vulnerability

A vulnerability in Weblate, a web-based localization tool, allows unauthorized repository updates via a crafted webhook payload. It affects Weblate versions prior to 5.15. Weblate's notification hooks are unauthenticated by design: code-hosting services such as GitHub or GitLab POST to them on push, and Weblate locates the components to update from the repository information in the posted payload. Before 5.15 the endpoint was permissive enough that a single crafted payload could trigger updates across many components at once and reveal which components exist (component enumeration). The endpoint is reachable over the network, and exploitation requires neither privileges nor user interaction.

Impact

Exploitation could lead to unauthorized updates of multiple repositories at once, potentially allowing malicious changes to be introduced across those repositories, and additionally discloses which components are configured on the instance.

Remediation

Update to Weblate 5.15, where this vulnerability has been patched. If updating is not immediately possible, webhooks can be disabled entirely by setting ENABLE_HOOKS = False in Weblate's settings.py; this closes the endpoint at the cost of automatic repository updates on push, so updates then have to be triggered by other means until the upgrade is done.
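As an added example, not code from Weblate or from this advisory, the following check illustrates what a defender can do on the log side while an instance is still unpatched: it scans web-server access logs for POSTs to Weblate's /hooks/<service>/ endpoints and reports hook calls from sources outside an allow-list of hosting-provider ranges, plus bursts of hook calls from one source, which is what a mass-update attempt would look like. The /hooks/<service>/ path is Weblate's real hook URL; the log format, the allow-list ranges, the burst threshold and the sample log lines are constructed for illustration and are not from the advisory.

```python
"""Flag suspicious Weblate webhook traffic in access logs (added example).

Not Weblate's own code.  Scans nginx/Apache "combined" log lines for POSTs to
/hooks/<service>/ and reports:
  * hook calls from source addresses outside an operator-supplied allow-list
  * bursts of hook calls from a single source within a time window
Allow-list ranges, threshold, window and the sample log are illustrative
assumptions; fetch current hook ranges from your hosting provider.
"""
import ipaddress
import re
from collections import Counter, defaultdict
from datetime import datetime

# Combined log format: ip - - [time] "METHOD path HTTP/x" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
HOOK_PATH_RE = re.compile(r"^/hooks/(?P<service>[a-z]+)/")
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Illustrative allow-list (assumption): replace with the provider's published ranges.
ALLOWED_RANGES = ["192.30.252.0/22", "185.199.108.0/22"]

# Constructed sample log: one legitimate hook call, one normal page view,
# then six hook POSTs in five seconds from a TEST-NET address.
SAMPLE_LOG = """\
192.30.252.10 - - [16/Dec/2025:01:27:00 +0000] "POST /hooks/github/ HTTP/1.1" 200 45
10.0.0.5 - - [16/Dec/2025:01:27:03 +0000] "GET /projects/ HTTP/1.1" 200 9182
203.0.113.7 - - [16/Dec/2025:01:28:00 +0000] "POST /hooks/github/ HTTP/1.1" 200 45
203.0.113.7 - - [16/Dec/2025:01:28:01 +0000] "POST /hooks/github/ HTTP/1.1" 200 45
203.0.113.7 - - [16/Dec/2025:01:28:02 +0000] "POST /hooks/github/ HTTP/1.1" 200 45
203.0.113.7 - - [16/Dec/2025:01:28:03 +0000] "POST /hooks/gitlab/ HTTP/1.1" 200 45
203.0.113.7 - - [16/Dec/2025:01:28:04 +0000] "POST /hooks/github/ HTTP/1.1" 200 45
203.0.113.7 - - [16/Dec/2025:01:28:05 +0000] "POST /hooks/github/ HTTP/1.1" 200 45
203.0.113.7 - - [16/Dec/2025:01:30:30 +0000] "GET /hooks/github/ HTTP/1.1" 405 0
"""


def parse_webhook_event(line):
    """Return a dict for a POST to /hooks/<service>/, or None for any other line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    hook = HOOK_PATH_RE.match(m.group("path"))
    if m.group("method") != "POST" or not hook:
        return None
    return {
        "ip": ipaddress.ip_address(m.group("ip")),
        "time": datetime.strptime(m.group("time"), TIME_FMT),
        "service": hook.group("service"),
        "status": int(m.group("status")),
    }


def parse_webhook_events(lines):
    """All webhook POST events found in an iterable of log lines."""
    return [e for e in (parse_webhook_event(l) for l in lines) if e]


def find_suspicious(lines, allowed_ranges, burst_threshold=5, window_seconds=60):
    """Return findings as tuples: ("unlisted-source", ip, count) or ("burst", ip, max_in_window)."""
    nets = [ipaddress.ip_network(r) for r in allowed_ranges]
    events = parse_webhook_events(lines)
    findings = []

    # Hook calls from addresses that are not a known hosting-provider source.
    unlisted = Counter()
    for e in events:
        if not any(e["ip"] in n for n in nets):
            unlisted[e["ip"]] += 1
    for ip, count in sorted(unlisted.items(), key=lambda kv: str(kv[0])):
        findings.append(("unlisted-source", str(ip), count))

    # Largest number of hook calls from one source inside any sliding window.
    per_source = defaultdict(list)
    for e in events:
        per_source[e["ip"]].append(e["time"])
    for ip, times in sorted(per_source.items(), key=lambda kv: str(kv[0])):
        times.sort()
        best, start = 0, 0
        for end, t in enumerate(times):
            while (t - times[start]).total_seconds() > window_seconds:
                start += 1
            best = max(best, end - start + 1)
        if best >= burst_threshold:
            findings.append(("burst", str(ip), best))
    return findings


if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG.splitlines(), ALLOWED_RANGES):
        print(finding)
```

Run against the constructed sample, the legitimate provider call passes, the page view and the GET to the hook are ignored, and the TEST-NET source is reported both as an unlisted origin and as a burst. The same idea works as a reverse-proxy rule (allow /hooks/ only from provider ranges), but that is a stopgap: address allow-listing does not replace the 5.15 fix, since the payload itself is what the fix constrains.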

Added: Dec 16, 2025, 1:27 AM
Updated: Dec 16, 2025, 1:27 AM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 0.6
exploitability: 8.1
remediation: 8.3
relevance: 1.5
threat: 3.2
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.