Weblate Improper Access Control Vulnerability in Tasks API

Vulnerability

Weblate versions prior to 5.17 contain a vulnerability in which the tasks API did not properly verify user access for pending tasks. As a result, users could access logs of ongoing operations that are outside their permitted scope. Exploitation requires brute-forcing the random UUID of the task, which makes it unlikely under normal API rate limits, but the flaw still poses a risk of exposing sensitive information.

Impact

The vulnerability could lead to unauthorized access to logs of in-progress operations, potentially allowing users to view sensitive information related to tasks they do not have permission to access.

Remediation

Users can upgrade to Weblate version 5.17 or later to address this vulnerability.
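
Because exploitation depends on guessing task UUIDs, access logs can be reviewed for clients that request many distinct task identifiers with few successful lookups. The following Python check is an added example, not code from Weblate or from this advisory; it assumes combined-format access logs and a task endpoint of the form /api/tasks/<uuid>/, and its thresholds and sample log lines are constructed.

```python
import re
from collections import defaultdict

# Assumption: task lookups appear in the access log as GET /api/tasks/<uuid>/.
TASK_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "GET /api/tasks/'
    r'(?P<uuid>[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})/? HTTP/[\d.]+" '
    r'(?P<status>\d{3}) '
)

def find_task_uuid_guessing(lines, min_distinct=5, max_hit_ratio=0.2):
    """Return {client_ip: stats} for clients that look up many distinct task
    UUIDs while almost none resolve (non-200), the pattern guessing produces."""
    seen = defaultdict(lambda: {"uuids": set(), "hits": 0, "total": 0})
    for line in lines:
        m = TASK_RE.match(line)
        if not m:
            continue  # not a task lookup, or not combined log format
        s = seen[m["ip"]]
        s["uuids"].add(m["uuid"].lower())
        s["total"] += 1
        if m["status"] == "200":
            s["hits"] += 1
    flagged = {}
    for ip, s in seen.items():
        ratio = s["hits"] / s["total"]
        # Polling one known task repeatedly is normal; many distinct misses is not.
        if len(s["uuids"]) >= min_distinct and ratio <= max_hit_ratio:
            flagged[ip] = {
                "distinct_uuids": len(s["uuids"]),
                "requests": s["total"],
                "hit_ratio": round(ratio, 2),
            }
    return flagged

# Constructed sample log lines; addresses are from documentation ranges.
PROBE = ('198.51.100.7 - - [15/Apr/2026:19:00:0{i} +0000] '
         '"GET /api/tasks/{i:08x}-0000-4000-8000-000000000000/ HTTP/1.1" 404 23 "-" "-"')
POLL = ('203.0.113.5 - - [15/Apr/2026:19:00:10 +0000] '
        '"GET /api/tasks/1b2c3d4e-aaaa-4bbb-8ccc-0123456789ab/ HTTP/1.1" 200 310 "-" "-"')
SAMPLE = [PROBE.format(i=i) for i in range(6)] + [POLL] * 8

if __name__ == "__main__":
    for ip, stats in find_task_uuid_guessing(SAMPLE).items():
        print(ip, stats)
```

The thresholds should be tuned against the instance's normal task-polling traffic before alerting on them.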

Added: Apr 15, 2026, 7:14 PM
Updated: Apr 15, 2026, 7:14 PM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 0.6
exploitability: 4.9
remediation: 7.7
relevance: 6.0
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.