CVE-2026-33440 | Weblate up to 5.16 Setting ALLOWED_ASSET_DOMAINS server-side request forgery (GHSA-5fhx-9jwj-867m)


A vulnerability categorized as critical has been discovered in Weblate up to 5.16. It affects an unknown function of the component Setting Handler. Manipulation of the argument ALLOWED_ASSET_DOMAINS leads to server-side request forgery.

This vulnerability is documented as CVE-2026-33440. The attack can be executed remotely. No exploit is available.

It is advisable to upgrade the affected component.