Weblate Private Translation Enumeration Vulnerability via API

Vulnerability

Weblate versions prior to 5.17.1 allow enumeration of private translations through the screenshots, tasks, and component link APIs. The issue is fixed in version 5.17.1.

Impact

Exploitation of this vulnerability could lead to unauthorized enumeration of translations in a project that are not accessible to the user.

Reproduction

The vulnerability can be reproduced by making requests to the screenshots API with a project or component that contains translations not accessible to the user. The API will return information about these translations, thereby allowing enumeration of private translation data.

Remediation

Users can upgrade to Weblate version 5.17.1 or later to address this vulnerability.

Added: May 7, 2026, 3:26 PM
Updated: May 7, 2026, 3:26 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 0.6
exploitability: 6.3
remediation: 7.7
relevance: 7.7
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.