MEDIUM 6.6

GHSA-33fm-6gp7-4p47

Weblate has an argument injection in management console

상세

### Impact The SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to `ssh-add`.

### Patches * https://github.com/WeblateOrg/weblate/pull/17722

### Workarounds Properly limit access to the management console.

### References This issue was reported to us by [alexb_616](https://hackerone.com/alexb_616) via HackerOne.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / weblate

최초 영향 버전: 0 수정 버전: 5.16.0

수정 pip install --upgrade 'weblate>=5.16.0'

참고

https://github.com/WeblateOrg/weblate/security/advisories/GHSA-33fm-6gp7-4p47 [WEB]
https://nvd.nist.gov/vuln/detail/CVE-2026-24126 [ADVISORY]
https://github.com/WeblateOrg/weblate/pull/17722 [WEB]
https://github.com/WeblateOrg/weblate/commit/78773cc141ce0a97900c11341e6cf856451395fd [WEB]
https://github.com/WeblateOrg/weblate [PACKAGE]