Description
Weblate is a web based localization tool. Prior to version 5.17.1, an authenticated user with project.add permission (default on hosted Weblate SaaS and for any user holding an active billing/trial plan) can import a crafted project backup ZIP whose components/<name>.json contains an attacker-chosen repo URL pointing at a private address (e.g. http://127.0.0.1:9999/) or using a non-allow-listed scheme (e.g. file://, git://). Weblate persists the component via Component.objects.bulk_create([component])[0], which bypasses Django's full_clean() and therefore never runs the validate_repo_url validator. The URL is subsequently written verbatim into .git/config by configure_repo(pull=False). This issue has been patched in version 5.17.1.
Published: 2026-05-07
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A crafted project backup ZIP can be uploaded by any user who holds the project.add permission. The backup contains a component JSON whose repository URL points to a private address or uses a non-allow-listed scheme such as file:// or git://. During import the component is persisted with Component.objects.bulk_create, which bypasses Django's full_clean() validation, so the validate_repo_url validator never runs. The unvalidated URL is then written verbatim into .git/config by configure_repo(pull=False). The Weblate instance can therefore be pointed at arbitrary internal hosts or services through its Git configuration, which amounts to an authenticated SSRF that can expose internal network resources. The impact is limited to services the server can reach on its internal network; no direct remote code execution is described.

Affected Systems

The CVE affects installations of Weblate Organization’s Weblate product, specifically any version preceding 5.17.1. Any user who holds an active billing or trial plan on the hosted SaaS platform, or any account with project.add permission on self‑hosted deployments, can exploit this flaw.

Risk and Exploitability

The severity is classified with a CVSS score of 5.3, indicating moderate risk. The EPSS score is not available, and the vulnerability is not listed in CISA's KEV catalog. The flaw is reachable over the network but requires authentication: any legitimate user can exploit it, so the main requirement is holding the project.add permission. Once a crafted backup is uploaded, the server will initiate outbound HTTP or other protocol requests to the specified private address, potentially revealing internal assets or exposing services otherwise unreachable from the public Internet.

Generated by OpenCVE AI on May 7, 2026 at 15:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Weblate to version 5.17.1 or later, where the validate_repo_url check is enforced during import.
  • If an upgrade is not immediately possible, remove the project.add permission from all untrusted users or restrict it to essential accounts only.
  • Audit the import functionality to ensure that any repository URL supplied by a user is validated or allow-listed before it is persisted to the Git configuration.
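As an added illustration of the last recommendation (example code written for this page, not Weblate's own validate_repo_url), the check below rejects non-allow-listed schemes and non-global literal addresses before a backup's component JSON is persisted. The scheme allow list, the JSON key "repo" and the sample backup entries are assumptions of the example.

```python
"""Hypothetical pre-persist check for repo URLs in a project backup's
components/<name>.json (example code, not Weblate's validate_repo_url)."""
import ipaddress
import json
from urllib.parse import urlsplit

# Assumption for this example: only these schemes may be persisted.
ALLOWED_SCHEMES = {"https", "http", "ssh"}


def repo_url_problem(url):
    """Return a rejection reason, or None if the URL passes the checks.
    Only literal addresses are checked; a host name that resolves to an
    internal address needs a resolution-time check, out of scope here."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return f"scheme {parts.scheme or '(none)'!r} is not allow-listed"
    host = parts.hostname
    if not host:
        return "missing host"
    if host == "localhost" or host.endswith(".localhost"):
        return "loopback host name"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return None  # a DNS name: nothing further to check offline
    if not addr.is_global:  # loopback, RFC 1918, link-local, ::1, ...
        return f"address {host} is not globally routable"
    return None


def audit_backup_components(component_files):
    """Map each components/<name>.json entry ({file name: JSON text}) to a
    rejection reason; the URL is assumed to sit under the key "repo"."""
    rejected = {}
    for name, text in component_files.items():
        reason = repo_url_problem(json.loads(text).get("repo", ""))
        if reason is not None:
            rejected[name] = reason
    return rejected


# Constructed sample backup entries, not taken from a real backup.
SAMPLE_COMPONENTS = {
    "components/website.json": json.dumps({"repo": "https://github.com/example/website.git"}),
    "components/loopback.json": json.dumps({"repo": "http://127.0.0.1:9999/"}),
    "components/localfile.json": json.dumps({"repo": "file:///srv/git/internal.git"}),
    "components/gitproto.json": json.dumps({"repo": "git://git.example.org/internal.git"}),
    "components/rfc1918.json": json.dumps({"repo": "https://10.0.0.5/internal.git"}),
}
```

Running audit_backup_components(SAMPLE_COMPONENTS) flags every entry except website.json, each with the reason it would have been rejected by a validator that bulk_create skipped.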

Advisories
Source: GitHub GHSA
ID: GHSA-cwcx-382v-8m9g
Title: Weblate Vulnerable to Authenticated SSRF via Project Backup Import bypassing validate_repo_url

History

Thu, 07 May 2026 18:15:00 +0000
  • First Time appeared (values added): Weblate; Weblate weblate
  • Vendors & Products (values added): Weblate; Weblate weblate

Thu, 07 May 2026 14:30:00 +0000
  • Description (value added): the CVE description quoted at the top of this page
  • Title (value added): Weblate is Vulnerable to Authenticated SSRF via Project Backup Import bypassing validate_repo_url
  • Weaknesses (values added): CWE-20, CWE-918
  • References (values added)
  • Metrics (values added): cvssV4_0 {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N'}


MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-05-07T13:40:12.532Z
Reserved: 2026-04-21T23:58:43.803Z
Link: CVE-2026-41654

Vulnrichment
No data.

NVD
Status: Awaiting Analysis
Published: 2026-05-07T15:16:07.907
Modified: 2026-05-07T15:46:27.607
Link: CVE-2026-41654

Redhat
No data.

OpenCVE Enrichment
Updated: 2026-05-07T18:00:11Z

Weaknesses