CVE-2026-21889

Опубликовано: 14 янв. 2026

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Weblate is a web based localization tool. Prior to 5.15.2, the screenshot images were served directly by the HTTP server without proper access control. This could allow an unauthenticated user to access screenshots after guessing their filename. This vulnerability is fixed in 5.15.2.

Ссылки

https://github.com/WeblateOrg/weblate/commit/a6eb5fd0299780eca286be8ff187dc2d10feec47
Patch
https://github.com/WeblateOrg/weblate/pull/17516
Issue Tracking
https://github.com/WeblateOrg/weblate/security/advisories/GHSA-3g2f-4rjg-9385
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:weblate:weblate:*:*:*:*:*:*:*:*

Версия до 5.15.2 (исключая)

EPSS

Процентиль: 15%

0.00048

Низкий

7.5 High

CVSS3

Дефекты

CWE-284

NVD-CWE-noinfo

Связанные уязвимости

CVE-2026-21889

CVSS3: 7.5

debian

3 месяца назад

Weblate is a web based localization tool. Prior to 5.15.2, the screens ...

GHSA-3g2f-4rjg-9385

github