Weblate · Weblate · CVE-2026-24126
**Name of the Vulnerable Software and Affected Versions**
Weblate versions prior to 5.16.0
**Description**
Weblate is a web-based localization tool. The SSH management console did not validate input when adding an SSH host key, potentially leading to an argument injection into the `ssh-add` function. This could allow for unauthorized command execution.
**Recommendations**
Versions prior to 5.16.0: Upgrade to version 5.16.0 or later.
Versions prior to 5.16.0: Properly limit access to the management console.