{"cve":{"cve_id":"CVE-2026-34242","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.0041,"epss_percentile":0.3264,"epss_as_of":"2026-06-23","description":"Weblate is a web based localization tool. In versions prior to 5.17, the ZIP download feature didn't verify downloaded files, potentially  following symlinks outside the repository. This issue has been fixed in version 5.17.","published_at":"2026-04-15T18:19:59.552000Z","last_modified_at":null,"cvss_v3_score":7.7,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","cvss_v3_severity":"HIGH","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-22","CWE-59","CWE-200"],"nvd_references":["https://github.com/WeblateOrg/weblate/security/advisories/GHSA-hv99-mxm5-q397","https://github.com/WeblateOrg/weblate/commit/5db3a2a2e047ecaab627a8731cd744a30b2f51d3"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:29:58.022904Z"},"effective_severity":"HIGH","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"L","value_label":"Low"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"C","value_label":"Changed"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"N","value_label":"None"},{"metric":"A","name":"Availability","value":"N","value_label":"None"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"weblateorg","vendor_name":"WeblateOrg","product_slug":"weblate","product_name":"weblate","version_start":"< 5.17","version_start_inclusive":true,"version_end":"< 5.17","version_end_inclusive":true,"cpe23_uri":"cve5:weblateorg:weblate:< 5.17:< 5.17"}],"exploit_refs":[],"news":[],"references":[{"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-hv99-mxm5-q397","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://github.com/WeblateOrg/weblate/commit/5db3a2a2e047ecaab627a8731cd744a30b2f51d3","source_type":"PATCH","tags":["patch"]}],"timeline":[{"type":"published","at":"2026-04-15T18:19:59.552000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:53:20.032350Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:53:20.032350Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:53:20.032350Z","label":"CVSS score revised","source":"cvelistv5"}]}