CVE-2026-33435

Published: Apr 15, 2026 Last Modified: Apr 15, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 8,0
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: high
User Interaction: none
Scope: changed
Confidentiality: high
Integrity: high
Availability: high

Description

AI Translation Available

Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circumstances. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can limit the scope of the vulnerability by restricting access to the project backup, as it is only accessible to users who can create projects.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0033
Percentile
0,6th
Updated

Single Data Point

Only one EPSS measurement is available for this CVE. Trend analysis requires multiple data points over time.

23

Relative Path Traversal

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Confidentiality Availability
Potential Impacts:
Execute Unauthorized Code Or Commands Modify Files Or Directories Read Files Or Directories Dos: Crash, Exit, Or Restart
Applicable Platforms
Technologies: AI/ML, Not Technology-Specific, Web Based
View CWE Details
94

Improper Control of Generation of Code ('Code Injection')

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control Integrity Confidentiality Availability Non-Repudiation
Potential Impacts:
Bypass Protection Mechanism Gain Privileges Or Assume Identity Execute Unauthorized Code Or Commands Hide Activities
Applicable Platforms
Languages: Interpreted
Technologies: AI/ML
Likelihood of Exploit: Medium
View CWE Details
434

Unrestricted Upload of File with Dangerous Type

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Confidentiality Availability
Potential Impacts:
Execute Unauthorized Code Or Commands
Applicable Platforms
Languages: ASP.NET, Not Language-Specific, PHP
Technologies: Web Server
Likelihood of Exploit: Medium
View CWE Details
https://github.com/WeblateOrg/weblate/pull/18549
https://github.com/WeblateOrg/weblate/pull/18549
https://github.com/WeblateOrg/weblate/security/advisories/G…
https://github.com/WeblateOrg/weblate/security/advisories/GHSA-558g-h753-6m33