Weblate Privilege Escalation Vulnerability in User Patching API Endpoint

Vulnerability

A privilege escalation vulnerability has been identified in Weblate, a web-based localization tool, affecting versions through 5.17. The user patching API endpoint did not properly restrict the scope of edits, which allowed unauthorized modifications. This vulnerability has been addressed in version 5.17.

Impact

Exploiting this vulnerability allows privilege escalation via the user patching API endpoint, enabling attackers to make unauthorized changes or gain elevated permissions.

Remediation

Users can upgrade to Weblate version 5.17 to address this vulnerability.

Added: Apr 15, 2026, 7:45 PM
Updated: Apr 15, 2026, 7:45 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 0.6
exploitability: 5.9
remediation: 7.7
relevance: 5.9
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.