PT-2026-22201

🗓️ 26 Feb 2026 00:00:00Reported by Positive TechnologiesType

ptsecurity

ptsecurity🔗 dbugs.ptsecurity.com👁 2 Views

Weblate before point sixteen one exposed all addons due to unscoped addon queries; fixed in version.

Reporter	Title	Published	Views	Family All 18
ATTACKERKB	CVE-2026-27457	26 Feb 202621:56	–	attackerkb
Circl	CVE-2026-27457	26 Feb 202622:10	–	circl
CNNVD	Weblate 安全漏洞	26 Feb 202600:00	–	cnnvd
CVE	CVE-2026-27457	26 Feb 202621:56	–	cve
Cvelist	CVE-2026-27457 Weblate: Missing access control for the AddonViewSet API exposes all addon configurations	26 Feb 202621:56	–	cvelist
EUVD	EUVD-2026-8897	26 Feb 202619:45	–	euvd
Github Security Blog	Weblate: Missing access control for the AddonViewSet API exposes all addon configurations	26 Feb 202619:45	–	github
NVD	CVE-2026-27457	26 Feb 202622:20	–	nvd
OPENSUSE Linux	weblate-5.16.1-1.1 on GA media (moderate)	9 Mar 202600:00	–	opensuse
OSV	CVE-2026-27457 Weblate: Missing access control for the AddonViewSet API exposes all addon configurations	26 Feb 202621:56	–	osv

Source	Link
github	www.github.com/WeblateOrg/weblate/security/advisories/GHSA-wppc-7cq7-cgfv
github	www.github.com/WeblateOrg/weblate/commit/7802c9b121eb407c48d4adddd4f2458fb3efef0f
github	www.github.com/WeblateOrg/weblate/pull/18107
github	www.github.com/WeblateOrg/weblate/pull/18164
twitter	www.twitter.com/VulmonFeeds/status/2027239210134929535
github	www.github.com/CVEProject/cvelistV5/tree/main/cves/2026/27xxx/CVE-2026-27457.json
reddit	www.reddit.com/r/VulnMatter/comments/1rfmr3t/resumen_diario_de_vulnerabilidades_26022026
github	www.github.com/WeblateOrg/weblate/commit/3f58f9a4152bc0cbdd6eff5954f9c7bc4d9f0af9
twitter	www.twitter.com/CVEnew/status/2027466648010330230
osv	www.osv.dev/vulnerability/GHSA-wppc-7cq7-cgfv

09 Mar 2026 00:00Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.14.3

EPSS0.00036

SSVC

weblate addons exposure unscoped addon queries user permissions check five sixteen one