PT-2026-2970 — Weblate

PT-2026-2970 · Pypi · Weblate

Published

2026-01-14

Updated

2026-01-14

CVSS v4.0

2.3

Low

Vector

AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Impact

The screenshot images were served directly by the HTTP server without proper access control. This could allow an unauthenticated user to access screenshots after guessing their filename.

Patches

https://github.com/WeblateOrg/weblate/pull/17516

References

Thanks to Lukas May and Michael Leu for reporting this.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

GHSA-3G2F-4RJG-9385

Affected Products