Weblate
cpe:2.3:a:weblate:weblate:*:*:*:*:*:*:*
- < 5.17
A vulnerability exists in Weblate, a web-based localization tool, in versions prior to 5.17. The issue arises from the translation memory API, which exposed unintended endpoints without proper access control. This flaw could allow unauthorized access to certain data or functionality. The vulnerability has been addressed in version 5.17. Users unable to update immediately can disable the CDN add-on, which enables this feature; the add-on is not activated by default.
Exploitation of this vulnerability could lead to unauthorized access to translation memory data, allowing for arbitrary local file reads outside the repository, according to GitHub.
Users can update to Weblate version 5.17 to address this vulnerability. If an immediate update is not possible, the CDN add-on can be disabled; it is not enabled by default.