CVE-2026-34242

HIGH CVSS 7.7 View on NVD ↗

Description

Weblate is a web based localization tool. In versions prior to 5.17, the ZIP download feature didn't verify downloaded files, potentially following symlinks outside the repository. This issue has been fixed in version 5.17.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

References

https://github.com/WeblateOrg/weblate/commit/5db3a2a2e047ecaab627a8731cd744a30b2f51d3
https://github.com/WeblateOrg/weblate/security/advisories/GHSA-hv99-mxm5-q397

Published: Apr 15, 2026 19:16 UTC Modified: Apr 15, 2026 19:16 UTC