CVE-2026-41654

NVD data not available for this CVE. It may be pending analysis or not yet published.

Related Intelligence (1)

HIGHVulnerability

NVD HIGH: CVE-2026-41654 — Weblate is a web based localization tool. Prior to version 5.17.1, an authentica...

Weblate is a web based localization tool. Prior to version 5.17.1, an authenticated user with project.add permission (default on hosted Weblate SaaS and for any user holding an active billing/trial plan) can import a crafted project backup ZIP whose components/<name>.json contains an attacker-chosen repo URL pointing at a private address (e.g. http://127.0.0.1:9999/) or using a non-allow-listed sc

CVE-2026-41654
NIST NVD