GHSA-3g2f-4rjg-9385

Published: 14 Jan 2026
Source: github
Github: Reviewed
CVSS4: 2.3

Description

Weblate leaks information via screenshots

Impact

The screenshot images were served directly by the HTTP server without proper access control. This could allow an unauthenticated user to access screenshots after guessing their filename.

Patches

References

Thanks to Lukas May and Michael Leu for reporting this.

Packages

Name: weblate (pip)
Affected versions: < 5.15.2
Fixed version: 5.15.2

EPSS

Percentile: 10%
0.00036
Low

2.3 Low

CVSS4

Weaknesses

CWE-284

Related vulnerabilities

CVSS3: 7.5
nvd
24 days ago

Weblate is a web based localization tool. Prior to 5.15.2, the screenshot images were served directly by the HTTP server without proper access control. This could allow an unauthenticated user to access screenshots after guessing their filename. This vulnerability is fixed in 5.15.2.

CVSS3: 7.5
debian
24 days ago

Weblate is a web based localization tool. Prior to 5.15.2, the screens ...
