Description

Weblate is a web based localization tool. In versions prior to 5.17, the tasks API didn't verify user access for pending tasks. This could expose logs of in-progress operations to users who don't have access to given scope. The attacker needs to brute-force the random UUID of the task, so exploiting this is unlikely with the default API rate limits. This issue has been fixed in version 5.17.

INFO

Published Date :

2026-04-15T17:48:17.842Z

Last Modified :

2026-04-15T18:09:01.991Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-33212 vulnerability.

Vendors Products
Weblate
  • Weblate
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-33212.

URL Resource
https://github.com/WeblateOrg/weblate/commit/4e06b12cd05d087db68384e09d5f70fe883f2b70 cve-icon cve-icon
https://github.com/WeblateOrg/weblate/security/advisories/GHSA-vj45-x3pj-f4w4 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact