PT-2026-33124 · Weblate · Weblate

Published 2026-04-15 · Updated 2026-04-16 · CVE-2026-39845

CVSS v3.1: 4.1 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Weblate versions prior to 5.17

Description

The webhook add-on fails to utilize existing Server-Side Request Forgery (SSRF) protections. SSRF is a flaw that allows an attacker to induce the server-side application to make requests to an unintended location.

Recommendations

Update to version 5.17. As a temporary workaround, disable the webhook add-on.

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2026-39845
GHSA-F8HV-G549-HWG2
PYSEC-2026-156

Affected Products

Weblate