CVE-2026-33214
Last modified
CVE-2026-33214 is a medium-severity vulnerability rated 4.3/10 on the CVSS scale. Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't enforce proper access control. EPSS estimates a 0.24% chance of exploitation in the next 30 days.
Description
Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't enforce proper access control. This issue has been fixed in version 5.17. If users are unable to update immediately, they can work around this issue by blocking access to /api/memory/ in the HTTP server, which removes access to this feature.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Weblate | Weblate | < 5.17 |
References
- https://github.com/WeblateOrg/weblate/pull/18513Issue Tracking, Patch
- https://github.com/WeblateOrg/weblate/security/advisories/GHSA-mpf5-3vph-q75rMitigation, Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-33214?
How severe is CVE-2026-33214?
How do I fix CVE-2026-33214?
Are you affected by CVE-2026-33214?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST