Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2026-1137

NIXPKGS-2026-1137
published on
Permalink CVE-2026-33214
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
updated 8 hours ago by @LeSuisse Activity log
  • Created automatic suggestion 13 hours ago
  • @LeSuisse ignored
    8 packages
    • python313Packages.weblate-fonts
    • python314Packages.weblate-fonts
    • python312Packages.weblate-schemas
    • python313Packages.weblate-schemas
    • python314Packages.weblate-schemas
    • python312Packages.weblate-language-data
    • python313Packages.weblate-language-data
    • python314Packages.weblate-language-data
    9 hours ago
  • @LeSuisse accepted 9 hours ago
  • @LeSuisse published on GitHub 8 hours ago
Weblate has improper access control for the translation memory API

Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't enforce proper access control. This issue has been fixed in version 5.17. If users are unable to update immediately, they can work around this issue by blocking access to /api/memory/ in the HTTP server, which removes access to this feature.

Affected products

weblate
  • ==< 5.17

Matching in nixpkgs

pkgs.weblate

Web based translation tool with tight version control integration

Ignored packages (8)

Package maintainers