{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-34242/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.7,"id":"CVE-2026-34242"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["weblate","path-traversal","zip-archive","cve-2026-34242"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eWeblate, a web-based localization tool, has a path traversal vulnerability (CVE-2026-34242) affecting versions prior to 5.17. The vulnerability exists within the ZIP download feature, where the application fails to adequately verify downloaded files. This can allow an attacker to craft a malicious ZIP archive containing symbolic links that, when extracted by a user or the application itself, can lead to files outside of the intended repository being accessed. The vulnerability was reported and patched in version 5.17. \nExploitation of this vulnerability requires a user to download and extract a maliciously crafted ZIP file.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a Weblate instance running a version prior to 5.17.\u003c/li\u003e\n\u003cli\u003eAttacker gains access to a translation project, either legitimately (e.g., as a translator) or illegitimately (e.g., via compromised credentials or another vulnerability).\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious ZIP archive containing symbolic links that point to sensitive files or directories outside the intended Weblate repository (e.g., \u003ccode\u003e/etc/passwd\u003c/code\u003e, application configuration files).\u003c/li\u003e\n\u003cli\u003eAttacker uploads the malicious ZIP archive to the Weblate project, potentially disguised as a legitimate translation file.\u003c/li\u003e\n\u003cli\u003eA user (e.g., an administrator or another translator) downloads the ZIP archive using the ZIP download feature.\u003c/li\u003e\n\u003cli\u003eThe user extracts the ZIP archive on their local machine or, if Weblate automatically processes the ZIP, on the server.\u003c/li\u003e\n\u003cli\u003eThe symbolic links within the extracted archive are resolved, potentially allowing access to sensitive files or directories outside the Weblate repository.\u003c/li\u003e\n\u003cli\u003eAttacker gains unauthorized access to sensitive information, potentially leading to further compromise of the system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this path traversal vulnerability (CVE-2026-34242) can allow an attacker to read arbitrary files on the server where Weblate is installed or on a user\u0026rsquo;s machine if the user downloads and extracts the crafted ZIP archive locally. \nThis could lead to the exposure of sensitive information such as application configuration files, database credentials, or even system-level files, depending on the permissions of the user or the Weblate application. The severity is rated as HIGH with a CVSS v3.1 score of 7.7.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Weblate to version 5.17 or later to patch CVE-2026-34242 (reference: Overview).\u003c/li\u003e\n\u003cli\u003eImplement file integrity monitoring on Weblate servers to detect unauthorized file access (reference: Attack Chain - step 7).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule to detect ZIP archive downloads containing suspicious filenames that might indicate path traversal attempts (reference: rules).\u003c/li\u003e\n\u003cli\u003eEducate users about the risks of downloading and extracting files from untrusted sources (reference: Overview).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-15T19:16:35Z","date_published":"2026-04-15T19:16:35Z","id":"/briefs/2026-04-weblate-path-traversal/","summary":"Weblate versions before 5.17 are vulnerable to path traversal due to improper verification of downloaded files in the ZIP download feature, potentially allowing attackers to access files outside the intended repository.","title":"Weblate Path Traversal Vulnerability in ZIP Download Feature (CVE-2026-34242)","url":"https://feed.craftedsignal.io/briefs/2026-04-weblate-path-traversal/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-34242","version":"https://jsonfeed.org/version/1.1"}