2 matches found
Exploit for Argument Injection in Weblate
Weblate -- Arbitrary File Read via SSH Host Argument Injection...
CVE-2026-24126 Weblate has an argument injection in management console
Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to ssh-add. Version 5.16.0 fixes the issue. As a workaround, properly limit access to the management...