Medium severity4.3NVD Advisory· Published Apr 15, 2026· Updated Apr 21, 2026
CVE-2026-33214
CVE-2026-33214
Description
Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't enforce proper access control. This issue has been fixed in version 5.17. If users are unable to update immediately, they can work around this issue by blocking access to /api/memory/ in the HTTP server, which removes access to this feature.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
WeblatePyPI | < 5.17 | 5.17 |
Affected products
2Patches
Vulnerability mechanics
References
5- github.com/WeblateOrg/weblate/pull/18513nvdIssue TrackingPatchWEB
- github.com/WeblateOrg/weblate/security/advisories/GHSA-mpf5-3vph-q75rnvdMitigationPatchVendor AdvisoryWEB
- github.com/advisories/GHSA-mpf5-3vph-q75rghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-33214ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/weblate/PYSEC-2026-152.yamlghsaWEB
News mentions
0No linked articles in our index yet.