Primary

Context

Weblate Improper Access Control Vulnerability in Translation Memory API

Vulnerability

Patched

A vulnerability exists in Weblate versions prior to 5.17, where the translation memory API unintentionally exposed endpoints without proper access control. This flaw could allow unauthorized access to translation memory data. The issue has been addressed in version 5.17. For users unable to update immediately, a workaround is available by blocking access to the '/api/memory/' endpoint on the HTTP server.

Impact

The vulnerability could lead to unauthorized access to translation memory data via the API.

Remediation

Users can update to Weblate version 5.17 to address this vulnerability. If an immediate update is not possible, access to the '/api/memory/' endpoint can be blocked on the HTTP server to remove this feature.

Added: Apr 15, 2026, 6:44 PM

Updated: Apr 15, 2026, 6:44 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

1.3

exploitability

5.5

remediation

7.9

relevance

6.0

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

1.3

exploitability

5.5

remediation

7.9

relevance

6.0

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Weblate Improper Access Control Vulnerability in Translation Memory API

Vulnerability

Impact

Remediation

Affected Products

Weblate

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating