CVE-2026-33214

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

4.3 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N                                    

Vulnerability Description

Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't enforce proper access control. This issue has been fixed in version 5.17. If users are unable to update immediately, they can work around this issue by blocking access to /api/memory/ in the HTTP server, which removes access to this feature.

Vulnerability Details

Published Date

April 15, 2026

Last Modified

April 15, 2026

CWE ID

CWE-862

Source

NVD

Vendor

WeblateOrg

Product

weblate

External References

https://github.com/WeblateOrg/weblate/pull/18513
https://github.com/WeblateOrg/weblate/security/advisories/GHSA-mpf5-3vph-q75r

CVE-2026-33214

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment