CVE-2026-21889
Low
Low
Medium
High
Critical
CVSS Score
Published: Jan 14, 2026
Last Modified: Jan 14, 2026
Vulnerability Description
Weblate is a web based localization tool. Prior to 5.15.2, the screenshot images were served directly by the HTTP server without proper access control. This could allow an unauthenticated user to access screenshots after guessing their filename. This vulnerability is fixed in 5.15.2.
References & Resources
-
https://github.com/WeblateOrg/weblate/commit/a6eb5fd0299780eca286be8ff187dc2d10feec47security-advisories@github.com
-
https://github.com/WeblateOrg/weblate/pull/17516security-advisories@github.com
-
https://github.com/WeblateOrg/weblate/security/advisories/GHSA-3g2f-4rjg-9385security-advisories@github.com
Severity Details
out of 10.0
Low
Key Information
- Published Date
- January 14, 2026
