CVE-2026-34242

high

Description

Weblate is a web-based localization tool. In versions prior to 5.17, the ZIP download feature didn't verify downloaded files, potentially following symlinks outside the repository. This issue has been fixed in version 5.17.
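The kind of check the description says was missing, shown as an added example: this is not Weblate's code or its fix. The function names and the sample tree are hypothetical and constructed for illustration.

```python
import os
import tempfile
import zipfile


def safe_members(root):
    """Yield (path, archive_name) for files whose resolved target stays inside root."""
    real_root = os.path.realpath(root)
    # followlinks=False: symlinked directories are never descended into
    for dirpath, _dirs, filenames in os.walk(real_root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            resolved = os.path.realpath(path)
            # Skip links whose target escapes the repository root
            if os.path.commonpath([real_root, resolved]) != real_root:
                continue
            # Skip dangling links, FIFOs, devices and other non-regular files
            if not os.path.isfile(resolved):
                continue
            yield path, os.path.relpath(path, real_root)


def build_zip(root, dest):
    """Write the verified members to dest and return the archived names."""
    with zipfile.ZipFile(dest, "w", zipfile.ZIP_DEFLATED) as archive:
        for path, arcname in safe_members(root):
            archive.write(path, arcname)
        return sorted(archive.namelist())


def demo():
    """Constructed sample tree: one real file, one internal link, two escaping links."""
    with tempfile.TemporaryDirectory() as base:
        repo = os.path.join(base, "repo")
        os.makedirs(os.path.join(repo, "po"))
        secret = os.path.join(base, "secret.txt")  # lives outside the repository
        with open(secret, "w") as handle:
            handle.write("outside")
        with open(os.path.join(repo, "po", "cs.po"), "w") as handle:
            handle.write('msgid ""\n')
        os.symlink(secret, os.path.join(repo, "po", "leak.po"))  # file link out
        os.symlink(os.path.join(repo, "po", "cs.po"), os.path.join(repo, "alias.po"))
        os.symlink(base, os.path.join(repo, "up"))  # directory link out
        return build_zip(repo, os.path.join(base, "out.zip"))


if __name__ == "__main__":
    print(demo())
```

The check and the later read are separate steps, so this pattern assumes the repository tree is not modified while the archive is being built.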

References

https://github.com/WeblateOrg/weblate/security/advisories/GHSA-hv99-mxm5-q397

https://github.com/WeblateOrg/weblate/commit/5db3a2a2e047ecaab627a8731cd744a30b2f51d3

Details

Source: Mitre, NVD

Published: 2026-04-15

Updated: 2026-04-21

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.7

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00013