CVE-2026-33214: Weblate: Improper access control for the translation memory in API

April 16, 2026

The translation memory API exposed unintended endpoints, which in turn didn’t do proper access control.

References

github.com/WeblateOrg/weblate
github.com/WeblateOrg/weblate/pull/18513
github.com/WeblateOrg/weblate/security/advisories/GHSA-mpf5-3vph-q75r
github.com/advisories/GHSA-mpf5-3vph-q75r
nvd.nist.gov/vuln/detail/CVE-2026-33214

Code Behaviors & Features

Detect and mitigate CVE-2026-33214 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →