Weblate Localization Tool Vulnerability in Affected Versions
CVE-2026-44263

4.3MEDIUM

Key Information:

Vendor

Weblateorg

Status
Weblate
Vendor
CVE Published:
7 May 2026

What is CVE-2026-44263?

Weblate, a web-based localization tool, previously contained a vulnerability where the screenshots, tasks, and component link API could be exploited to enumerate translations in a project that should not have been accessible to the user. This flaw posed a risk of unauthorized access to sensitive translation data. This issue has been resolved in version 5.17.1, ensuring that only authorized users can access project translations.

Affected Version(s)

weblate < 5.17.1

References

https://github.com/WeblateOrg/weblate/security/advisories...
x_refsource_CONFIRM
https://github.com/WeblateOrg/weblate/pull/19258
x_refsource_MISC
https://github.com/WeblateOrg/weblate/commit/6cf892c7bd50...
x_refsource_MISC

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.