CVE-2026-40256 | weblate up to 5.16 repo_outside path traversal (GHSA-ffgh-3jrf-8wvh)

April 16, 2026 Yanac

A vulnerability was found in weblate up to 5.16 and classified as critical. This affects the function repo_outside. The manipulation results in path traversal.

This vulnerability is identified as CVE-2026-40256. The attack can be executed remotely. There is not any exploit available.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More

CVE-2025-41118 | Grafana Pyroscope up to 1.15.x API secret_key Remote Code Execution
CVE-2026-21727 | Grafana Correlations up to 12.3.x hero-legal2.svg information disclosure