MEDIUM 5.9
GHSA-vmfc-9982-2m45
Weblate SSRF: outbound URL guard misses some private ranges
상세
### Impact
Weblate's `VCS_RESTRICT_PRIVATE` did not properly account for some transitional IPv6 ranges, multicast addresses, or some semi-private IPv4 ranges, which allowed some addresses to bypass private range restrictions.
### Patches
* https://github.com/WeblateOrg/weblate/pull/19768
### Resources
The issue was reported by @tonghuaroot via GitHub, and the same user also provided the initial patch.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
참고
- https://github.com/WeblateOrg/weblate/security/advisories/GHSA-vmfc-9982-2m45 [WEB]
- https://nvd.nist.gov/vuln/detail/CVE-2026-50127 [ADVISORY]
- https://github.com/WeblateOrg/weblate/pull/19768 [WEB]
- https://github.com/WeblateOrg/weblate [PACKAGE]
- https://github.com/WeblateOrg/weblate/releases/tag/weblate-2026.6 [WEB]