What is the CVSS score of CVE-2026-44263?

CVE-2026-44263 has a CVSS 3.1 base score of 4.3 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. EPSS exploitation probability: 0.0%.

Is there a patch available for CVE-2026-44263?

Yes, a patch is available for CVE-2026-44263. Update the affected software to the latest version immediately.

Weblate CVE-2026-44263

EUVD-2026-28387 MEDIUM

Observable Discrepancy (CWE-203)

2026-05-07 https://github.com/WeblateOrg/weblate

GHSA-gcg5-86jr-f7jg

Information Disclosure Suse

4.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

Source Code Evidence Fetched

May 07, 2026 - 00:32 vuln.today

Analysis Generated

May 07, 2026 - 00:32 vuln.today

CVE Published

May 07, 2026 - 00:03 nvd

MEDIUM 4.3

DescriptionNVD

Impact

The screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user.

Patches

https://github.com/WeblateOrg/weblate/pull/19258

Acknowledgement

Weblate thanks Luay for reporting this vulnerability according to the organization's security issues guideline.

AnalysisAI

Weblate versions before 5.17.1 allow authenticated users to enumerate translations in projects they cannot access via the screenshots, tasks, and component link API endpoints. An attacker with valid credentials but no project access can probe these APIs to discover the existence and metadata of private translations, leading to information disclosure of project structure and language coverage that should remain hidden. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

Vendor StatusVendor

CVE-2026-44263 vulnerability details – vuln.today

Back

Weblate CVE-2026-44263

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

Impact

Patches

Acknowledgement

AnalysisAI

Full analysis requires sign-in

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code