PT-2026-33113 · Weblate · Weblate
Published
2026-04-15
·
Updated
2026-04-16
·
CVE-2026-33212
CVSS v3.1
3.1
Low
| Vector | AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Weblate versions prior to 5.17
Description
The tasks API does not verify user access for pending tasks, which could expose logs of in-progress operations to users without the required scope access. Exploitation requires brute-forcing the random UUID of the task, making it unlikely with default API rate limits.
Recommendations
Update to version 5.17.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Weblate