Search for vulnerabilities
| Vulnerability ID | VCID-ujf7-ybqh-77cg |
| Aliases |
CVE-2026-21889
GHSA-3g2f-4rjg-9385 |
| Summary | Weblate leaks information via screenshots The screenshot images were served directly by the HTTP server without proper access control. This could allow an unauthenticated user to access screenshots after guessing their filename. |
| Status | Published |
| Exploitability | None |
| Weighted Severity | None |
| Risk | None |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| There are no known severity scores. | ||
| Reference id | Reference type | URL |
|---|---|---|
| https://github.com/WeblateOrg/weblate | ||
| https://github.com/WeblateOrg/weblate/commit/a6eb5fd0299780eca286be8ff187dc2d10feec47 | ||
| https://github.com/WeblateOrg/weblate/pull/17516 | ||
| CVE-2026-21889 | https://nvd.nist.gov/vuln/detail/CVE-2026-21889 | |
| GHSA-3g2f-4rjg-9385 | https://github.com/advisories/GHSA-3g2f-4rjg-9385 | |
| GHSA-3g2f-4rjg-9385 | https://github.com/WeblateOrg/weblate/security/advisories/GHSA-3g2f-4rjg-9385 |
No EPSS data available for this vulnerability.
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-06-02T04:49:32.254536+00:00 | GitLab Importer | Import | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Weblate/CVE-2026-21889.yml | 38.6.0 |