What is the severity of CVE-2026-21889?

CVE-2026-21889 has a CVSS v3 score of 7.5, which is classified as High severity.

Is there an exploit available for CVE-2026-21889?

No known public exploits are currently available for CVE-2026-21889.

Is there a patch available for CVE-2026-21889?

Yes, patches are available for CVE-2026-21889. Check the vendor advisories for update instructions.

CVE-2026-21889 - CVE Details, Severity, and Analysis

Q: What is CVE-2026-21889?

### Impact The screenshot images were served directly by the HTTP server without proper access control. This could allow an unauthenticated user to access screenshots after guessing their filename. ### Patches * https://github.com/WeblateOrg/weblate/pull/17516 ### References Thanks to Lukas May and Michael Leu for reporting this.

CVE-2026-21889 - CVE Details, Severity, and Analysis | Strobes VI

Trend Analysis

Neutral

Vulnerable Products

Vendor	Product
Weblate	Weblate

Advisories

GitHub Advisory

NVD: Weblate is a web based localization tool. Prior to 5.15.2, the screenshot images were served directly by the HTTP server without proper access control. This could allow an unauthenticated user to access screenshots after guessing their filename. This vulnerability is fixed in 5.15.2.