Loading market data...
← Back to CVE feed

CVE-2026-45106

MEDIUM CVSS 4.6 View on NVD ↗

Description

Weblate is a web based localization tool. Prior to version 2026.5, Weblate's live search preview renders unit source and context as HTML without escaping. Any contributor whose content reaches those fields stores HTML and CSS that runs inside the authenticated editor of every user who runs a matching search. This issue has been patched in version 2026.5.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Published: Jun 10, 2026 20:17 UTC Modified: Jun 10, 2026 20:21 UTC