CVE-2026-50127
5.9 MEDIUMWeblate is a web based localization tool
Published: 2026-06-10 · Last updated: 2026-06-10
Severity and scoring
- CVSS
- 5.9 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
- CWE
- CWE-918
Description
Weblate is a web based localization tool. From version 5.15 to before version 2026.6, Weblate's VCS_RESTRICT_PRIVATE did not properly account for some transitional IPv6 ranges, multicast addresses, or some semi-private IPv4 ranges, which allowed some addresses to bypass private range restrictions. This issue has been patched in version 2026.6.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-50131 — Fedify is a TypeScript library for building federated server apps powered by ActivityPub (8.6 HIGH)
- CVE-2026-46683 — Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page
- CVE-2026-20252 — In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.4.2604.3, 10.3.2512.1... (7.6 HIGH)
- CVE-2026-48858 — Server-Side Request Forgery (SSRF) vulnerability in Erlang/OTP ftp (ftp_internal module) allows FTP bounce attacks and SSRF via an unvali...
- CVE-2026-46497 — Crawlee is a web scraping and browser automation library