CVE-2026-34393 — Improper Privilege Management in Weblate

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.0%

top 88.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Weblateorg Weblate Weblate

Timeline

PublishedApr 15

Latest updateApr 16

Description

Weblate is a web based localization tool. In versions prior to 5.17, the user patching API endpoint didn't properly limit the scope of edits. This issue has been fixed in version 5.17.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶PyPIweblate/weblate< 5.17

▶CVEListV5weblateorg/weblate< 5.17

🔴Vulnerability Details

VulDB

weblate up to 5.16 API Endpoint privileges management (GHSA-3382-gw9x-477v)↗2026-04-16

▶

GHSA

Weblate: Privilege escalation in the user API endpoint↗2026-04-16

▶