Weblate Localization Tool Vulnerability in User-Provided Content
CVE-2026-44264

4.3MEDIUM

Key Information:

Vendor

Weblateorg

Status
Weblate
Vendor
CVE Published:
7 May 2026

What is CVE-2026-44264?

Weblate, a popular web-based localization tool, had a vulnerability in its Markdown renderer prior to version 5.17.1. This issue arose from inadequate sanitization of certain attributes in user comments and other user-generated content, potentially allowing malicious users to inject harmful scripts or content. The vulnerability was addressed in version 5.17.1, which includes enhanced sanitization measures to protect against such risks.

Affected Version(s)

weblate < 5.17.1

References

https://github.com/WeblateOrg/weblate/security/advisories...
x_refsource_CONFIRM
https://github.com/WeblateOrg/weblate/pull/19259
x_refsource_MISC
https://github.com/WeblateOrg/weblate/commit/85abc9df88b7...
x_refsource_MISC

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.