Weblate Remote Code Execution Vulnerability During Backup Restoration

Vulnerability

A remote code execution vulnerability has been identified in Weblate, a web-based localization tool, in versions prior to 5.17. The project backup feature did not filter Git and Mercurial configuration files out of a backup before restoring it. In general, both version control systems read commands from their own metadata (Git hook scripts and settings such as core.fsmonitor or core.hooksPath; Mercurial [hooks] entries in .hg/hgrc), so a crafted backup can cause arbitrary commands to run on the server once Weblate operates on the restored repository. The vulnerability is reachable only by users who are allowed to create projects.
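The following is an added example, not Weblate's own backup code and not the upstream fix. It shows the kind of check a restore path needs: walk the backup archive, flag hook scripts, and parse `.git/config` and `.hg/hgrc` for the settings through which Git and Mercurial run external commands. The tar layout (`proj/.git/config`, `proj/.hg/hgrc`), the function names and the constructed sample archive are assumptions made for this example; the key list comes from documented Git and Mercurial configuration, not from Weblate.

```python
"""Scan a project backup archive for VCS metadata that can run commands.

Added example; this is not Weblate's own code. It assumes a backup is a
tar archive whose members carry repository paths such as proj/.git/config
or proj/.hg/hgrc (assumption made for this example).
"""
import configparser
import io
import posixpath
import tarfile

# Git configuration keys whose values git itself executes or loads.
# "section.*.key" matches any subsection, "section.*" matches any key.
GIT_COMMAND_KEYS = {
    "core.fsmonitor", "core.hookspath", "core.sshcommand", "core.gitproxy",
    "core.pager", "core.editor", "core.askpass", "credential.helper",
    "gpg.program", "diff.*.textconv", "diff.*.command", "merge.*.driver",
    "filter.*.clean", "filter.*.smudge", "alias.*",
    "include.path", "includeif.*.path",  # includes pull in arbitrary files
}
# Mercurial sections / ui keys that name commands or loadable code.
HG_COMMAND_SECTIONS = {"hooks", "extensions", "merge-tools"}
HG_UI_COMMAND_KEYS = {"ssh", "editor", "merge"}


def _parse_ini(text):
    """Parse git/hg style config; raises configparser.Error on bad input."""
    cp = configparser.ConfigParser(
        allow_no_value=True, interpolation=None, strict=False,
        delimiters=("=",), inline_comment_prefixes=("#", ";"))
    # Git indents keys with tabs; strip them so configparser never treats
    # a key line as a continuation of the previous value.
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    return cp


def git_config_findings(text):
    """Return [(key, value)] for git config entries that name a command."""
    try:
        cp = _parse_ini(text)
    except configparser.Error as exc:
        return [("<unparseable>", str(exc))]  # fail closed on odd input
    out = []
    for section in cp.sections():
        head, _, sub = section.partition(" ")      # 'diff "po"' -> diff, "po"
        head, sub = head.lower(), sub.strip().strip('"')
        for option, value in cp.items(section):    # options are lowercased
            candidates = {f"{head}.{option}", f"{head}.*"}
            if sub:
                candidates.add(f"{head}.*.{option}")
            if candidates & GIT_COMMAND_KEYS:
                key = f"{head}.{sub}.{option}" if sub else f"{head}.{option}"
                out.append((key, value))
    return out


def hgrc_findings(text):
    """Return [(key, value)] for hgrc entries that name commands or code."""
    try:
        cp = _parse_ini(text)
    except configparser.Error as exc:
        return [("<unparseable>", str(exc))]
    out = []
    for section in cp.sections():
        name = section.lower()
        for option, value in cp.items(section):
            if name in HG_COMMAND_SECTIONS or (
                    name == "ui" and option in HG_UI_COMMAND_KEYS):
                out.append((f"{name}.{option}", value))
    return out


def scan_backup(tar_bytes):
    """Return [(member, reason)] for every VCS file that could run code.

    Anything reported here should block the restore (or be stripped from
    it) before git or hg is ever invoked on the restored repository.
    """
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tf:
        for m in tf.getmembers():
            parts = posixpath.normpath(m.name).split("/")
            for vcs_dir, config_name, finder in (
                    (".git", "config", git_config_findings),
                    (".hg", "hgrc", hgrc_findings)):
                if vcs_dir not in parts:
                    continue
                rest = parts[parts.index(vcs_dir) + 1:]
                if rest[:1] == ["hooks"] and len(rest) > 1:
                    findings.append((m.name, f"{vcs_dir} hook script"))
                elif rest == [config_name] and m.isfile():
                    text = tf.extractfile(m).read().decode("utf-8", "replace")
                    for key, value in finder(text):
                        findings.append((m.name, f"{config_name}: {key} = {value}"))
    return findings


def build_sample_backup():
    """Constructed in-memory backup: one PO file plus crafted VCS metadata."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        def add(name, data):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
        add("proj/po/cs.po", b'msgid ""\nmsgstr ""\n')
        add("proj/.git/config",
            b'[core]\n\trepositoryformatversion = 0\n'
            b'\tfsmonitor = /path/to/script\n'
            b'[remote "origin"]\n\turl = https://example.invalid/repo.git\n')
        add("proj/.git/hooks/post-checkout", b"#!/bin/sh\necho hook\n")
        add("proj/.hg/hgrc",
            b"[paths]\ndefault = https://example.invalid/repo\n"
            b"[hooks]\nupdate = /path/to/script\n")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in scan_backup(build_sample_backup()):
        print(f"REJECT {member}: {reason}")
```

The scanner rejects rather than sanitizes: a backup whose repository metadata carries any command setting is refused, and unparseable config is treated as a finding so malformed input cannot slip past the check. The key list is illustrative, not exhaustive, which is why the simplest robust policy is to drop `.git` and `.hg` metadata from a backup altogether and re-clone the repository from its configured remote after the restore.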

Impact

Successful exploitation gives an attacker remote code execution on the server hosting Weblate, with the privileges of the Weblate process that runs the version control commands.

Remediation

Update to Weblate version 5.17, which contains the fix. If an immediate update is not possible, restrict access to the project backup feature, which in practice means limiting which users may create projects, to reduce the set of accounts that can reach the vulnerable code path.

Added: Apr 15, 2026, 7:57 PM
Updated: Apr 15, 2026, 7:57 PM

Vulnerability Rating

Custom Algorithm

spread           3.1
impact          10.0
exploitability   5.9
remediation      7.9
relevance        6.0
threat           3.2
urgency          2.9
incentive        0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.