CVE-2026-21889 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2026-21889 Interim 1 1 2026-03-05T00:18:36Z current 2026-03-05T00:18:36Z 2026-03-05T00:18:36Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2026-21889 Weblate is a web based localization tool. Prior to 5.15.2, the screenshot images were served directly by the HTTP server without proper access control. This could allow an unauthenticated user to access screenshots after guessing their filename. This vulnerability is fixed in 5.15.2. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Tumbleweed weblate-5.16-1.1 weblate-5.16-1.1 as a component of openSUSE Tumbleweed Weblate is a web based localization tool. Prior to 5.15.2, the screenshot images were served directly by the HTTP server without proper access control. This could allow an unauthenticated user to access screenshots after guessing their filename. This vulnerability is fixed in 5.15.2. CVE-2026-21889 openSUSE Tumbleweed:weblate-5.16-1.1 important 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N