CVE 8.8 HIGH

Weblate: Privilege escalation in the user API endpoint_CVE-2026-34393

April 15, 2026 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

Weblate is a web based localization tool. In versions prior to 5.17, the user patching API endpoint didn't properly limit the scope of edits. This issue has been fixed in version 5.17.

AI Analysis

Privilege escalation in the user API endpoint due to improper limitation of edits

Basic Information

ID CVE-2026-34393

Source GitHub_M

Published Apr 15, 2026 at 18:24

Modified Apr 15, 2026 at 18:38

Affected Product

Vendor WeblateOrg

Product weblate

Version < 5.17

Affected Versions WeblateOrg weblate < 5.17

CWE Classification

CWE-269

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor WeblateOrg

Product Weblate

Version < 5.17

References

{
    "lastseen": "",
    "description": "Weblate is a web based localization tool. In versions prior to 5.17, the user patching API endpoint didn't properly limit the scope of edits. This issue has been fixed in version 5.17.",
    "published": "2026-04-15T18:24:30.813Z",
    "modified": "2026-04-15T18:38:53.920Z",
    "type": "cve",
    "title": "Weblate: Privilege escalation in the user API endpoint",
    "source": "GitHub_M",
    "references": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-3382-gw9x-477v\nhttps://github.com/WeblateOrg/weblate/pull/18687",
    "id": "CVE-2026-34393",
    "bulletinFamily": "",
    "cwe": [
        "CWE-269"
    ],
    "cvelist": null,
    "sourceData": "WeblateOrg weblate < 5.17",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "weblate",
    "version": "< 5.17",
    "vendor": "WeblateOrg",
    "ai_description": "Privilege escalation in the user API endpoint due to improper limitation of edits",
    "ai_severity": "High",
    "ai_vendor": "WeblateOrg",
    "ai_product": "Weblate",
    "ai_version": "< 5.17",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply