CVE-2026-33440

Published April 15th, 2026

View on NVD ↗

CVSS v3

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

Weblate is a web based localization tool. In versions prior to 5.17, the ALLOWED_ASSET_DOMAINS setting applied only to the first issued requests and didn't restrict possible redirects. This issue has been fixed in version 5.17.

WeblateOrg/weblate

Web based localization tool with tight version control integration.

GitHub

5.9K