CVE-2026-27457 | weblate up to 5.16.0 REST API weblate/api/views.py get_queryset authorization (GHSA-wppc-7cq7-cgfv)

Inserito da Angelo Barbosa | Feb 27, 2026 | CVE

A vulnerability classified as problematic has been found in weblate up to 5.16.0. This impacts the function get_queryset of the file weblate/api/views.py of the component REST API. The manipulation leads to missing authorization.

This vulnerability is uniquely identified as CVE-2026-27457. The attack is possible to be carried out remotely. No exploit exists.

It is recommended to upgrade the affected component.

CVE-2026-27457 | weblate up to 5.16.0 REST API weblate/api/views.py get_queryset authorization (GHSA-wppc-7cq7-cgfv)

Post correlati

CVE-2024-7400 | ESET NOD32 Antivirus up to 1250 on Windows insecure operation on windows junction / mount point

CVE-2025-14276 | Ilevia EVE X1 Server up to 4.6.5.0.eden leaf_search.php line command injection

CVE-2024-5448 | PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode Plugin cross site scripting

CVE-2025-62716 | makeplane up to 1.0.x next_path cross site scripting (GHSA-6fj7-xgpg-mj6f)