CVE-2026-33214

EPSS 0.24%
Veröffentlicht 15.04.2026 17:51:46
Zuletzt bearbeitet 21.04.2026 14:11:09
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Weblate has improper access control for the translation memory API

Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't enforce proper access control. This issue has been fixed in version 5.17. If users are unable to update immediately, they can work around this issue by blocking access to /api/memory/ in the HTTP server, which removes access to this feature.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Weblate ≫ Weblate Version < 5.17

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.24%	0.144

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://github.com/WeblateOrg/weblate/security/advisories/GHSA-mpf5-3vph-q75r

Patch

Vendor Advisory

Mitigation

https://github.com/WeblateOrg/weblate/pull/18513

Patch

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2026-33214

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-33214

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-33214

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-33214