ByteOS Network

NVD Vulnerability Details :

CVE-2026-45106

Deferred

Source-security-advisories@github.com

Published At-10 Jun, 2026 | 20:17

Updated At-10 Jun, 2026 | 20:21

Weblate is a web based localization tool. Prior to version 2026.5, Weblate's live search preview renders unit source and context as HTML without escaping. Any contributor whose content reaches those fields stores HTML and CSS that runs inside the authenticated editor of every user who runs a matching search. This issue has been patched in version 2026.5.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	4.6	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Type: Secondary

Version: 3.1

Base score: 4.6

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	security-advisories@github.com

CWE ID: CWE-79

Type: Primary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/WeblateOrg/weblate/pull/19422	security-advisories@github.com	N/A
https://github.com/WeblateOrg/weblate/releases/tag/weblate-2026.5	security-advisories@github.com	N/A
https://github.com/WeblateOrg/weblate/security/advisories/GHSA-6wxc-8mgq-w26m	security-advisories@github.com	N/A