NIXPKGS-2026-0151

GitHub issue published on 7 Feb 2026

Permalink CVE-2025-68398

updated 2 weeks ago by @LeSuisse Activity log

Created automatic suggestion 2 weeks, 1 day ago
@LeSuisse removed
6 packages
- python312Packages.weblate-schemas
- python313Packages.weblate-schemas
- python314Packages.weblate-schemas
- python312Packages.weblate-language-data
- python313Packages.weblate-language-data
- python314Packages.weblate-language-data
2 weeks ago
@LeSuisse accepted 2 weeks ago
@LeSuisse published on GitHub 2 weeks ago

Weblate has git config file overwrite vulnerability that leads to remote code execution

Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue.

Affected products

weblate

==< 5.15.1

Matching in nixpkgs

pkgs.weblate

Web based translation tool with tight version control integration

nixos-unstable 5.15.2
- nixpkgs-unstable 5.15.2
- nixos-unstable-small 5.15.2
nixos-25.11 5.15.1
- nixos-25.11-small 5.15.1
- nixpkgs-25.11-darwin 5.15.1

Package maintainers

@erictapen Kerstin Humm <kerstin@erictapen.name>

Upstream advisory: https://github.com/WeblateOrg/weblate/security/advisories/GHSA-8vcg-cfxj-p5m3
Upstream patch: https://github.com/WeblateOrg/weblate/commit/dd8c9d7b00eebe28770fa0e2cd96126791765ea7 and https://github.com/WeblateOrg/weblate/commit/4837a4154390f7c1d03c0e398aa6439dcfa361b4

Nixpkgs Security Tracker

Details of issue NIXPKGS-2026-0151

Affected products

Matching in nixpkgs

pkgs.weblate

Package maintainers