← Volver a CVEs
CVE-2026-33212
LOW3.1
Descripcion
Weblate is a web based localization tool. In versions prior to 5.17, the tasks API didn't verify user access for pending tasks. This could expose logs of in-progress operations to users who don't have access to given scope. The attacker needs to brute-force the random UUID of the task, so exploiting this is unlikely with the default API rate limits. This issue has been fixed in version 5.17.
Detalles CVE
Puntuacion CVSS v3.13.1
SeveridadLOW
Vector CVSSCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Vector de ataqueNETWORK
ComplejidadHIGH
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado4/15/2026
Ultima modificacion4/17/2026
Fuentenvd
Avistamientos honeypot0
Debilidades (CWE)
CWE-284
Referencias
https://github.com/WeblateOrg/weblate/commit/4e06b12cd05d087db68384e09d5f70fe883f2b70(security-advisories@github.com)
https://github.com/WeblateOrg/weblate/security/advisories/GHSA-vj45-x3pj-f4w4(security-advisories@github.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.