CNNVD-202601-2389 Information

CNNVD ID

CNNVD-202601-2389

Related CVE

CVE-2026-21889

• CNNVD Published: 2026-01-14

Description (Chinese)

Weblate是Weblate开源的一个 Copyleft 的基于 web 的自由软件持续本地化系统。 Weblate 5.15.2之前版本存在访问控制错误漏洞，该漏洞源于截图图像访问控制不当，可能导致未经验证的用户访问截图。

Description (English)

Weblate is a weblate open source, a web-based free software-based localization system. The pre-Weblate 5.15.2 version had an access control error gap, which stemmed from inadequate access control of the image, which could lead to unverified user access.

Hazard Level

High

Vulnerability Type

访问控制错误

Affected Vendor

Weblate

Published

2026-01-14

Last Modified

2026-02-24

References

https://github.com/WeblateOrg/weblate/commit/a6eb5fd0299780eca286be8ff187dc2d10feec47 https://github.com/WeblateOrg/weblate/security/advisories/GHSA-3g2f-4rjg-9385 https://github.com/WeblateOrg/weblate/pull/17516 https://access.redhat.com/security/cve/cve-2026-21889

Patch

https://weblate.org/zh-hans/download/