ByteOS Network

NVD Vulnerability Details :

CVE-2026-33435

Analyzed

Source-security-advisories@github.com

Published At-15 Apr, 2026 | 19:16

Updated At-21 Apr, 2026 | 14:10

Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circumstances. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can limit the scope of the vulnerability by restricting access to the project backup, as it is only accessible to users who can create projects.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	8.0	HIGH	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 8.0

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CPE Matches

weblate>>weblate>>Versions before 5.17(exclusive)

cpe:2.3:a:weblate:weblate:*:*:*:*:*:*:*:*