Platform
python
Component
weblate
Fixed in
5.17.1
5.17
CVE-2026-33212 is an information disclosure vulnerability affecting Weblate versions 5.0.0 through 5.16. The API responsible for managing tasks failed to properly verify user access for pending tasks, potentially exposing sensitive log data. This allows unauthorized users to view logs of in-progress operations, which could contain confidential information. The vulnerability has been resolved in Weblate version 5.17.0.
The primary impact of CVE-2026-33212 is the unauthorized disclosure of task logs within Weblate. An attacker, possessing knowledge of a task's UUID, could potentially access logs detailing in-progress operations. This could reveal sensitive data processed during translation or localization workflows, such as source text, translations, or internal system information. While the attacker needs to guess the UUID, the potential exposure of operational logs represents a significant risk, particularly in environments handling sensitive or regulated content. The blast radius is limited to the scope of the exposed task logs and the information contained within them.
CVE-2026-33212 was published on 2026-04-15. The vulnerability's low CVSS score (3.1) indicates a relatively low probability of exploitation. While a public proof-of-concept (POC) is not currently available, the requirement to guess the task UUID makes widespread exploitation unlikely. There are no indications of active campaigns targeting this specific vulnerability at this time. Refer to the Weblate project's GitHub repository and security advisories for further updates.
Exploit status
EPSS
0.01% (1st percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-33212 is to upgrade Weblate to version 5.17.0 or later, which includes the necessary access control fixes. Prior to upgrading, consider creating a backup of your Weblate instance and testing the upgrade in a non-production environment to ensure compatibility and avoid disruptions. Given the difficulty of exploiting this vulnerability (requiring UUID guessing), temporary workarounds may include carefully reviewing API rate limits and monitoring for unusual access patterns. After upgrading, confirm the fix by attempting to access task logs without proper authorization and verifying that access is denied.
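As an added example (not the page's or the Weblate project's own code), a small detector for the two signals the mitigation paragraph points at: anonymous reads of task logs that succeeded, and the run of 404s that UUID guessing leaves behind. It assumes the task endpoint is `/api/tasks/<uuid>/` and that the reverse proxy writes unauthenticated requests with `-` in the remote-user field; the log lines are constructed.

```python
import re
from collections import Counter

# Constructed access-log sample (Combined Log Format). IPs come from documentation
# ranges and the UUIDs are made up. Remote-user "-" is assumed to mean unauthenticated.
SAMPLE_LOG = """\
203.0.113.7 - - [15/Apr/2026:10:00:01 +0000] "GET /api/tasks/0f8fad5b-d9cb-469f-a165-70867728950e/ HTTP/1.1" 404 52
203.0.113.7 - - [15/Apr/2026:10:00:02 +0000] "GET /api/tasks/7c9e6679-7425-40de-944b-e07fc1f90ae7/ HTTP/1.1" 404 52
203.0.113.7 - - [15/Apr/2026:10:00:03 +0000] "GET /api/tasks/16fd2706-8baf-433b-82eb-8c7fada847da/ HTTP/1.1" 404 52
203.0.113.7 - - [15/Apr/2026:10:00:04 +0000] "GET /api/tasks/9b2d6f70-3c2e-4f1a-8b0e-4f3a2d1c0b9a/ HTTP/1.1" 200 731
198.51.100.4 - alice [15/Apr/2026:10:01:00 +0000] "GET /api/tasks/9b2d6f70-3c2e-4f1a-8b0e-4f3a2d1c0b9a/ HTTP/1.1" 200 731
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Assumed task endpoint; a UUID string is 36 characters including hyphens.
TASK_RE = re.compile(r"^/api/tasks/(?P<uuid>[0-9a-f-]{36})/?$")

def parse_line(line):
    """Return (ip, user, method, path, status) or None for lines that do not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return m["ip"], m["user"], m["method"], m["path"], int(m["status"])

def find_anonymous_task_reads(lines):
    """Unauthenticated GETs of a task that returned 200: on an unpatched instance this is
    the log exposure the advisory describes. Returns [(ip, uuid), ...]."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, user, method, path, status = rec
        task = TASK_RE.match(path)
        if task and method == "GET" and user == "-" and status == 200:
            hits.append((ip, task["uuid"]))
    return hits

def find_guessing_sources(lines, threshold=3):
    """Sources with at least `threshold` 404s on the task endpoint: the miss pattern UUID guessing leaves."""
    misses = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and TASK_RE.match(rec[3]) and rec[4] == 404:
            misses[rec[0]] += 1
    return sorted(ip for ip, n in misses.items() if n >= threshold)

if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("anonymous task log reads:", find_anonymous_task_reads(lines))
    print("likely UUID guessing from:", find_guessing_sources(lines))
```

After upgrading to 5.17.0 or later the first function should return nothing for new traffic, while the second remains useful as a standing enumeration alert.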
Upgrade Weblate to version 5.17 or later to mitigate the vulnerability. This update fixes the missing access check for pending tasks in the API, preventing logs of in-progress operations from being exposed to unauthorized users.
It's an information disclosure vulnerability in Weblate, allowing unauthorized access to task logs if the task UUID is known.
If you're running Weblate versions 5.0.0 through 5.16, you are potentially affected. Upgrade immediately.
Upgrade Weblate to version 5.17.0 or later to resolve the vulnerability. Back up your instance before upgrading.
There are no current reports of active exploitation, but the vulnerability exists and should be addressed.
Refer to the Weblate project's GitHub repository and security advisories for detailed information and updates: https://github.com/WeblateOrg/weblate