CVE-2026-21889: Improper Access Control in Weblate

Severity: 2.3 LOW (NVD)
EPSS: 0.0%, top 85.27%
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 14

Description

Weblate is a web-based localization tool. Prior to 5.15.2, the screenshot images were served directly by the HTTP server without proper access control. This could allow an unauthenticated user to access screenshots after guessing their filename. This vulnerability is fixed in 5.15.2.

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Affected Packages (3 packages)

NVD: weblate/weblate < 5.15.2
PyPI: weblate/weblate < 5.15.2
CVEListV5: weblateorg/weblate < 5.15.2

🔴 Vulnerability Details (2)

GHSA: Weblate leaks information via screenshots (2026-01-14)
OSV: Weblate leaks information via screenshots (2026-01-14)

🕵️ Threat Intelligence (1)

Wiz: CVE-2026-21889 Impact, Exploitability, and Mitigation Steps | Wiz