CVE-2026-34242

Published April 15th, 2026

View on NVD ↗

CVSS v3

7.7

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

Weblate is a web based localization tool. In versions prior to 5.17, the ZIP download feature didn't verify downloaded files, potentially following symlinks outside the repository. This issue has been fixed in version 5.17.

WeblateOrg/weblate

Web based localization tool with tight version control integration.

GitHub

5.9K