GHSA-3g2f-4rjg-9385

Source

https://github.com/advisories/GHSA-3g2f-4rjg-9385

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-3g2f-4rjg-9385/GHSA-3g2f-4rjg-9385.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-3g2f-4rjg-9385

Aliases

CVE-2026-21889

Published

2026-01-14T16:45:07Z

Modified

2026-02-03T02:58:44.286509Z

Severity

2.3 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N CVSS Calculator

Summary

Weblate leaks information via screenshots

Details

Impact

The screenshot images were served directly by the HTTP server without proper access control. This could allow an unauthenticated user to access screenshots after guessing their filename.

Patches

https://github.com/WeblateOrg/weblate/pull/17516

References

Thanks to Lukas May and Michael Leu for reporting this.

Database specific

{
    "cwe_ids": [
        "CWE-284"
    ],
    "github_reviewed_at": "2026-01-14T16:45:07Z",
    "nvd_published_at": "2026-01-14T17:16:07Z",
    "severity": "LOW",
    "github_reviewed": true
}

References

Affected packages

PyPI / weblate

Package

Name: weblate; View open source insights on deps.dev
Purl: pkg:pypi/weblate

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.2

Affected versions

1.*

1.9

2.*

2.0

2.1

2.2

2.3

2.4

2.5

2.6

2.7

2.8

2.9

2.10

2.10.1

2.11

2.12

2.13

2.13.1

2.14

2.14.1

2.15

2.16

2.17

2.17.1

2.18

2.19

2.19.1

2.20

3.*

3.0

3.0.1

3.1

3.1.1

3.2

3.2.1

3.2.2

3.3

3.4

3.5

3.5.1

3.6

3.6.1

3.7

3.7.1

3.8

3.9

3.9.1

3.10

3.10.1

3.10.2

3.10.3

3.11

3.11.1

3.11.2

3.11.3

4.*

4.0

4.0.1

4.0.2

4.0.3

4.0.4

4.1

4.1.1

4.2

4.2.1

4.2.2

4.3

4.3.1

4.3.2

4.4

4.4.1

4.4.2

4.5

4.5.1

4.5.2

4.5.3

4.6

4.6.1

4.6.2

4.7

4.7.1

4.7.2

4.8

4.8.1

4.9

4.9.1

4.10

4.10.1

4.11

4.11.1

4.11.2

4.12

4.12.1

4.12.2

4.13

4.13.1

4.14

4.14.1

4.14.2

4.15

4.15.1

4.15.2

4.16

4.16.1

4.16.2

4.16.3

4.16.4

4.17

4.18

4.18.1

4.18.2

5.*

5.0

5.0.1

5.0.2

5.1

5.1.1

5.2

5.2.1

5.3

5.3.1

5.4

5.4.1

5.4.2

5.4.3

5.5

5.5.2

5.5.3

5.5.4

5.5.5

5.6

5.6.1

5.6.2

5.7

5.7.1

5.7.2

5.8.1

5.8.2

5.8.3

5.8.4

5.9.1

5.9.2

5.10

5.10.1

5.10.2

5.10.3

5.10.4

5.11

5.11.1

5.11.3

5.11.4

5.12.1

5.12.2

5.13

5.13.1

5.13.2

5.13.3

5.14

5.14.1

5.14.2

5.14.3

5.15

5.15.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-3g2f-4rjg-9385/GHSA-3g2f-4rjg-9385.json"