Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
PR:L assigned because configuring VCS repository URLs in Weblate requires at minimum authenticated project-member access; AC:H retained because NAT64 host configuration is a prerequisite for the primary exploit path.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
3DescriptionCVE.org
Weblate is a web based localization tool. From version 5.15 to before version 2026.6, Weblate's VCS_RESTRICT_PRIVATE did not properly account for some transitional IPv6 ranges, multicast addresses, or some semi-private IPv4 ranges, which allowed some addresses to bypass private range restrictions. This issue has been patched in version 2026.6.
AnalysisAI
Server-Side Request Forgery in Weblate's VCS_RESTRICT_PRIVATE control (versions 5.15 through pre-2026.6) allows bypassing of outbound request restrictions via IPv6 transition address encoding techniques. By supplying a hostname whose DNS AAAA record resolves to a NAT64-wrapped, 6to4-wrapped, or IPv4-compatible IPv6 address that encodes a private IPv4 endpoint, an attacker causes Weblate's validator to pass the address as globally routable while the host kernel routes the packet to the embedded private IPv4 target. The vulnerability carries High confidentiality impact (CVSS 5.9, AV:N/AC:H) because SSRF can expose internal services such as cloud IMDS credential endpoints; no public exploit or CISA KEV listing has been identified at time of analysis.
Technical ContextAI
Weblate's outbound URL guard in weblate/utils/outbound.py relied on Python's ipaddress.IPv6Address.is_global to classify whether a resolved IP address is safe for outbound connection. CWE-918 (Server-Side Request Forgery) applies: the root cause is incomplete sanitization of attacker-controlled network destinations. Python's is_global classifies the NAT64 well-known prefix 64:ff9b::/96 (RFC 6052) as globally routable, but on hosts with NAT64 translation configured the kernel routes these packets to the IPv4 address embedded in the last 32 bits, enabling a private-address bypass. The same logic flaw applied to: 6to4 addresses (2002::/16, RFC 3056, encodes IPv4 in bits 16-47), IPv4-compatible addresses (::N.N.N.N/96, deprecated by RFC 4291 but still routable on some hosts), multicast ranges (IPv4 224.0.0.0/4, IPv6 ff00::/8), 6to4 relay anycast (192.88.99.0/24), ORCHIDv2 (2001:20::/28), and IPv6 Segment Routing (5f00::/16). The fix in PR #19768 adds an _unwrap_ipv6_transition helper that recursively resolves the embedded IPv4 address before the is_global check, and adds explicit blocklist logic for special-use prefixes not covered by is_global. CPE cpe:2.3:a:weblateorg:weblate:*:*:*:*:*:*:*:* covers all affected versions.
RemediationAI
The vendor-released patch is Weblate version 2026.6, available at https://github.com/WeblateOrg/weblate/releases/tag/weblate-2026.6; administrators should upgrade immediately. The fix is contained in weblate/utils/outbound.py and adds recursive IPv6 transition address unwrapping plus extended special-use prefix blocking. If immediate upgrade is not feasible, the most reliable compensating control is network-layer egress filtering on the Weblate host: block outbound connections from the Weblate process to RFC1918 ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), loopback (127.0.0.0/8), link-local (169.254.0.0/16 and fe80::/10), and their IPv6 counterparts (fc00::/7, ::1/128), as well as the NAT64 prefix 64:ff9b::/96 and 6to4 range 2002::/16. This firewall-level restriction operates independently of application validation and cannot be bypassed by address encoding. Trade-off: overly broad egress rules may break legitimate VCS integrations with on-premises repositories; test against your repository network topology before applying. Do not treat VCS_RESTRICT_PRIVATE alone as a sufficient SSRF mitigation on affected versions.
Weblate is a web based localization tool. An open redirect exists in versions 5.13.2 and below via the redir parameter o
Weblate is a web based localization tool. In versions prior to 5.17, the user patching API endpoint didn't properly limi
The package weblate from 0 and before 4.11.1 are vulnerable to Remote Code Execution (RCE) via argument injection when u
Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial
Weblate is a web based localization tool. In versions prior to 5.17, the ZIP download feature didn't verify downloaded f
Weblate versions prior to 5.15.2 expose screenshot images through the web server without authentication controls, enabli
Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpo
Weblate versions up to 5.16.0 contains a vulnerability that allows attackers to an argument injection to `ssh-add` (CVSS
Weblate is a web based localization tool. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. Pub
The password reset form in Weblate before 2.10.1 provides different error messages depending on whether the email addres
Weblate is a web based localization tool. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable,
Weblate is a copyleft software web-based continuous localization system. Rated medium severity (CVSS 5.4), this vulnerab
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allVendor StatusVendor
SUSE
Severity: ModerateShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36113
GHSA-vmfc-9982-2m45