CVE-2026-45106EPSS p10.9%

CVE-2026-45106CVE-2026-45106

Description

Weblate is a web based localization tool. Prior to version 2026.5, Weblate's live search preview renders unit source and context as HTML without escaping. Any contributor whose content reaches those fields stores HTML and CSS that runs inside the authenticated editor of every user who runs a matching search. This issue has been patched in version 2026.5.

Scoring

CVSS 4.6 ()
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
EPSS0.21% probability of exploitation · percentile 10.9% · 2026-06-18T12:00:27Z
Last modified2026-06-10

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-34393
CVE
CVE-2026-50127
CVE
CVE-2026-33435
CVE
CVE-2025-68398
CVE
CVE-2026-24126
CVE
CVE-2025-64725
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.