High severity8.8NVD Advisory· Published Apr 15, 2026· Updated Apr 21, 2026

CVE-2026-34393

Description

Weblate is a web based localization tool. In versions prior to 5.17, the user patching API endpoint didn't properly limit the scope of edits. This issue has been fixed in version 5.17.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
weblatePyPI	< 5.17	5.17

Affected products

Weblate/Weblate
cpe:2.3:a:weblate:weblate:*:*:*:*:*:*:*:*
Range: <5.17

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/WeblateOrg/weblate/pull/18687nvdIssue TrackingPatchWEB
github.com/WeblateOrg/weblate/security/advisories/GHSA-3382-gw9x-477vnvdThird Party AdvisoryWEB
github.com/advisories/GHSA-3382-gw9x-477vghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2026-34393ghsaADVISORY

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000