MEDIUM 4.1

PYSEC-2026-156

Details

Weblate is a web based localization tool. In versions prior to 5.17, the webhook add-on did not utilize existing SSRF protections. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can disable the webhook add-on as a workaround.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / weblate

Introduced in: 0 Fixed in: 5.17

Fix pip install --upgrade 'weblate>=5.17'

References

https://github.com/WeblateOrg/weblate/security/advisories/GHSA-f8hv-g549-hwg2 [ADVISORY]
https://github.com/WeblateOrg/weblate/pull/18815 [FIX]