CVE-2026-45106
CVE-2026-45106
Weblate is a web based localization tool. Prior to version 2026.5, Weblate's live search preview renders unit source and context as HTML without escaping. Any contributor whose content reaches those fields stores HTML and CSS that runs ins…
Vulnerability class: XSS (Cross-Site Scripting)
CVSS v3 metric
CVSS v3 base score 4.6 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N.
Weakness classification (CWE)
References
Frequently asked questions
- What is CVE-2026-45106?
- CVE-2026-45106 is a medium-severity vulnerability, classified under Cross-site Scripting. CVSS score: 4.6/10. Published 2026-06-10.
- How severe is CVE-2026-45106?
- Medium severity. CVSS v3 base score is 4.6 out of 10.