cvedb.io
CVE-2025-64326
LOW · CVSS 2.6
EPSS exploitation probability: 0%
Published 2025-11-06T21:15:43.957 · Last modified 2026-06-17T09:54:12.920

Summary

Weblate is a web based localization tool. In versions 5.14 and below, Weblate leaks the IP address of the project member inviting the user to the project in the audit log. The audit log includes IP addresses from admin-triggered actions, which can be viewed by invited users. This issue is fixed in version 5.14.1.

Affected products

weblate — weblate

Does this affect you?

Add your gear to cvedb and we'll alert you only when weblate ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.