Threat Advisory

Weblate SSRF Lets Attackers Bypass Private Range Restrictions

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: Medium
[subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

A medium severity vulnerability affecting weblate versions >= 5.15, < 2026.6, identified as

CVE-2026-50127 with a CVSS score of 5.9, was discovered in Weblate due to missing proper accounting for some transitional IPv6 ranges, multicast addresses, or semi-private IPv4 ranges by the outbound URL guard, which allowed an attacker to bypass private range restrictions and potentially lead to unauthorized access or data exfiltration, impacting the integrity of sensitive data. This flaw type is a server-side request forgery (SSRF) vulnerability with an attack vector of network access, requiring high privileges to exploit and no user interaction. The business impact of this vulnerability includes unauthorized access to sensitive data, which can result in financial loss or damage to reputation if exploited by malicious actors.[/subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

A medium severity vulnerability affecting weblate versions >= 5.15, < 2026.6, identified as

CVE-2026-50127 with a CVSS score of 5.9, was discovered in Weblate due to missing proper accounting for some transitional IPv6 ranges, multicast addresses, or semi-private IPv4 ranges by the outbound URL guard, which allowed an attacker to bypass private range restrictions and potentially lead to unauthorized access or data exfiltration, impacting the integrity of sensitive data. This flaw type is a server-side request forgery (SSRF) vulnerability with an attack vector of network access, requiring high privileges to exploit and no user interaction. The business impact of this vulnerability includes unauthorized access to sensitive data, which can result in financial loss or damage to reputation if exploited by malicious actors.[emaillocker id="1283"]

RECOMMENDATION:

We recommend you to update Weblate to version 2026.6.

REFERENCES:

The following reports contain further technical details:

[/emaillocker]
crossmenu