{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-13T07:46:38.375","vulnerabilities":[{"cve":{"id":"CVE-2026-24126","sourceIdentifier":"security-advisories@github.com","published":"2026-02-19T00:16:21.483","lastModified":"2026-02-19T18:34:57.413","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to `ssh-add`. Version 5.16.0 fixes the issue. As a workaround, properly limit access to the management console."},{"lang":"es","value":"Weblate es una herramienta de localización basada en web. Antes de la 5.16.0, la consola de administración SSH no validaba la entrada proporcionada al añadir la clave de host SSH, lo que podría conducir a una inyección de argumentos en `ssh-add`. La versión 5.16.0 corrige el problema. Como solución alternativa, se recomienda limitar adecuadamente el acceso a la consola de administración."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.3,"impactScore":3.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-88"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:weblate:weblate:*:*:*:*:*:*:*:*","versionEndExcluding":"5.16","matchCriteriaId":"0DFDA177-B23B-4767-A647-969D44EA60D9"}]}]}],"references":[{"url":"https://github.com/WeblateOrg/weblate/commit/78773cc141ce0a97900c11341e6cf856451395fd","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/WeblateOrg/weblate/pull/17722","source":"security-advisories@github.com","tags":["Issue Tracking"]},{"url":"https://github.com/WeblateOrg/weblate/security/advisories/GHSA-33fm-6gp7-4p47","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}}]}