PT-2026-41392 · Weblate · Weblate

Published

2026-05-15

·

Updated

2026-06-17

·

CVE-2026-45106

CVSS v3.1

4.6

Medium

VectorAV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Weblate versions prior to 2026.5
Description The live search preview renders the source and context variables as HTML without proper escaping. This allows a contributor to store HTML and CSS that executes within the authenticated editor of any user who performs a matching search.
Recommendations Update to version 2026.5. As a temporary workaround, avoid using the search preview on the affected views.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-45106
GHSA-6WXC-8MGQ-W26M
OPENSUSE-SU-2026:11051-1

Affected Products

Weblate