| Summary | Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't perform proper access control. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can disable this feature as the CDN add-on is not enabled by default. |
|---|---|
| Publication Date | April 16, 2026, 4:16 a.m. |
| Registration Date | April 17, 2026, 4:11 a.m. |
| Last Update | April 16, 2026, 4:16 a.m. |
| CVSS3.1 : MEDIUM | |
| スコア | 6.8 |
|---|---|
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N |
| 攻撃元区分(AV) | ネットワーク |
| 攻撃条件の複雑さ(AC) | 低 |
| 攻撃に必要な特権レベル(PR) | 低 |
| 利用者の関与(UI) | 要 |
| 影響の想定範囲(S) | 変更あり |
| 機密性への影響(C) | 高 |
| 完全性への影響(I) | なし |
| 可用性への影響(A) | なし |