CVEReports
CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

Product

  • Home
  • Sitemap
  • RSS Feed

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad



CVE-2026-50127

CVE-2026-50127: Server-Side Request Forgery Bypass via IPv6 Transition Prefixes in Weblate

Alon Barad
Alon Barad
Software Engineer

Jul 8, 2026·6 min read·5 visits

Executive Summary (TL;DR)

Weblate's outbound URL validator bypassed using IPv6 transition encapsulation (e.g. NAT64 prefixes), allowing unauthenticated attackers to route HTTP and VCS requests to internal-only endpoints.

A Server-Side Request Forgery (SSRF) vulnerability exists in Weblate's private address validator when the VCS_RESTRICT_PRIVATE setting is enabled. By exploiting IPv6 transition mechanisms, such as NAT64, 6to4, or IPv4-compatible configurations, an attacker can bypass private network boundaries and access internal services.

Vulnerability Overview

Weblate is a web-based translation and localization platform that integrates with popular Version Control Systems (VCS). Because it automatically pulls and pushes localized resources from external source code repositories, it accepts and resolves arbitrary user-supplied repository URLs. To prevent users from leveraging Weblate to perform internal network scans or access confidential cloud-metadata endpoints, developers introduced the VCS_RESTRICT_PRIVATE configuration setting.

When VCS_RESTRICT_PRIVATE is active, Weblate is designed to evaluate resolved target IP addresses and block outbound connections if the destination resolves to private, local, or loopback networks. However, versions starting from 5.15 up to (but excluding) 2026.6 suffer from a logical validation bypass that subverts this restriction.

The core of the vulnerability lies in Weblate's outbound security filter, which failed to account for transitional IPv6 environments. By providing hostnames that resolve to transition-wrapped IPv4 targets, attackers can make Weblate's validation filter perceive the destination as globally routable while the host's operating system connects directly to a private internal target.

Root Cause Analysis

To validate whether an IP address belongs to a public, globally routable network, Weblate's outbound filter historically relied on the Python standard library's ipaddress module. The application parsed resolved hostnames into IP address structures and then checked the .is_global property. If this property returned True, Weblate assumed the connection was safe to establish.

This architecture creates a critical security gap when handling IPv6 transitional prefixes that encapsulate underlying IPv4 addresses. For example, the RFC 6052 NAT64 prefix 64:ff9b::/96 is classified as globally routable by Python's ipaddress library because it is intended for internet-scale routing translation. However, on host operating systems or networks where NAT64 translation is active, routing packets to 64:ff9b::/96 forces the local network layer to extract the last 32 bits and route the packet to the encoded IPv4 address.

Because the Python library only evaluates the overall IPv6 wrapper prefix, Weblate's application-layer security policy approves the connection. Subsequently, the operating system-layer connection code decodes the IPv6 address and connects to the private destination. This dynamic introduces a Time-of-Check to Time-of-Use discrepancy between application logic and OS-level routing execution.

Code Analysis

The vulnerable code path inside weblate/utils/outbound.py checked the global routing status using a simple boolean validation helper:

# Vulnerable IP validation function
def _is_public_ip(value: str) -> bool:
    address = _parse_ip(value)
    return address is not None and address.is_global

Because standard IPv6 transition prefixes return True for .is_global, an attacker-supplied hostname resolving to [64:ff9b::a9fe:a9fe] bypassed this function. To eliminate this issue, the security patch implemented a recursive unwrapping routine called _unwrap_ipv6_transition:

# Patched unwrapping routine in weblate/utils/outbound.py
def _unwrap_ipv6_transition(
    address: ipaddress.IPv4Address | ipaddress.IPv6Address,
) -> ipaddress.IPv4Address | ipaddress.IPv6Address:
    if not isinstance(address, ipaddress.IPv6Address):
        return address
    if address.ipv4_mapped is not None:
        return address.ipv4_mapped
    if address in _NAT64_PREFIX: # 64:ff9b::/96
        return ipaddress.IPv4Address(address.packed[-4:])
    if address in _IPV4_COMPAT: # ::0.0.0.0/96
        embedded = ipaddress.IPv4Address(address.packed[-4:])
        if int(embedded) != 0:
            return embedded
    return address

Once unwrapped, the inner IPv4 address is parsed recursively. This ensures that hidden local addresses, such as loopback (127.0.0.1) or link-local targets (169.254.169.254), are identified and restricted correctly.

Exploitation Methodology

To exploit this vulnerability, an attacker must have network-level or UI-level access to endpoints that trigger outbound network queries, such as the repository creation wizard or repository update webhooks. Additionally, the target environment must support IPv6-to-IPv4 translation or transition encapsulation mechanisms.

In a cloud environment like AWS, an attacker identifies the target resource as the AWS Instance Metadata Service (IMDSv1) at address 169.254.169.254. This target IPv4 is represented in hexadecimal as a9fe:a9fe. Using standard NAT64 formatting, the attacker constructs the target IPv6 equivalent: 64:ff9b::a9fe:a9fe (or 64:ff9b::169.254.169.254).

The attacker enters this custom IP format into Weblate's repository URL configuration interface. During validation, Weblate's validator checks [64:ff9b::a9fe:a9fe] and permits the connection because the prefix evaluates as global. During connection establishment, the operating system converts the destination back to the targeted private IP address and completes the SSRF chain.

Impact Assessment

The impact of a successful SSRF attack via CVE-2026-50127 varies based on the configuration of the targeted local network. In cloud environments where Weblate is hosted, attackers can query internal metadata endpoints. This exposes cloud service account credentials, access tokens, and sensitive system parameters.

Furthermore, attackers can use Weblate's connection engine as an internal proxy to scan adjacent servers or run raw HTTP queries against unauthenticated database interfaces, local administrative panels, or microservices sharing the host network space. This can lead to horizontal privilege escalation or absolute backend database compromise.

The official CVSS v3.1 score is evaluated at 5.9 (Medium), reflecting the high attack complexity (AC:H). This rating stems from the requirement that the local host system or target container network must support or enable translation layers to route IPv6 transition targets to internal IPv4 addresses.

Remediation and Operational Risks

The primary remediation strategy is upgrading Weblate instances to version 2026.6 or higher. This release integrates strict recursive address unwrapping. It explicitly flags and drops transition addresses wrapping non-public internal targets before establishing connections.

If immediate software upgrades are not possible, host administrators must apply external firewalls or drop policies. Configuring local container firewall boundaries (using iptables or equivalent utilities) to block outgoing traffic targeting 64:ff9b::/96, 2002::/16, and ::0.0.0.0/96 isolates the application from these translation routes.

It is important to evaluate any custom translation settings used within internal environments. If your network configuration uses a custom Network-Specific Prefix (NSP) for NAT64 translation (such as 2001:db8:nat64::/96), Weblate's standard blocklist will not automatically recognize it. In these customized network configurations, additional host-level firewalls must be maintained to prevent bypasses.

Official Patches

WeblatePull Request #19768: Fix Server-Side Request Forgery Bypass via IPv6 Transition Prefixes
WeblateUnified raw diff containing the code implementation changes

Fix Analysis (1)

Technical Appendix

CVSS Score
5.9/ 10
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Probability
0.29%
Top 79% most exploited

Affected Systems

Weblate

Affected Versions Detail

Product
Affected Versions
Fixed Version
Weblate
WeblateOrg
>= 5.15, < 2026.62026.6
AttributeDetail
CWE IDCWE-918
Attack VectorNetwork (AV:N)
CVSS Base Score5.9 (Medium)
EPSS Score0.00291 (0.29%)
Exploit StatusProof of Concept
CISA KEV StatusNot Listed

MITRE ATT&CK Mapping

T1190Exploit Public-Facing Application
Initial Access
T1005Data from Local System
Collection
CWE-918
Server-Side Request Forgery (SSRF)

The web application server processes user-supplied URLs without verifying if they resolve to internal, private, or loopback network interfaces, enabling unauthorized outbound request routing.

Vulnerability Timeline

Pull Request 19768 merged by developer
2026-06-01
CVE-2026-50127 assigned and security advisory GHSA-vmfc-9982-2m45 published
2026-06-10
NVD publishes official scoring and mapping metrics
2026-06-17

References & Sources

  • [1]Weblate Security Advisory GHSA-vmfc-9982-2m45
  • [2]CVE-2026-50127 Record on CVE.org
  • [3]Weblate 2026.6 Release Notes

Attack Flow Diagram

Press enter or space to select a node. You can then use the arrow keys to move the node around. Press delete to remove it and escape to cancel.
Press enter or space to select an edge. You can then press delete to remove it or escape to cancel.

More Reports

•16 minutes ago•GHSA-Q855-8RH5-JFGQ
6.5

GHSA-Q855-8RH5-JFGQ: Missing Authentication and CSRF in ha-mcp bare root settings and policy routes

The ha-mcp add-on for Home Assistant exposes its settings and security policy routes without authentication at the bare root path of TCP port 9583. This exposure allows unauthorized adjacent network clients to reconfigure tools, alter policies, and bypass human-in-the-loop approval gates. The vulnerability has been addressed in development build 7.6.0.dev393 and subsequent releases by restricting access to root-mounted routes exclusively to the Supervisor Ingress IP.

Amit Schendel
Amit Schendel
2 views•8 min read
•about 1 hour ago•GHSA-F66Q-9RF6-8795
5.3

GHSA-f66q-9rf6-8795: WebAuthn Re-authentication Freshness Bypass in Flask-Security-Too

An authentication freshness bypass vulnerability exists in the WebAuthn re-authentication path of Flask-Security-Too versions 5.8.0 and 5.8.1. The flaw allows an authenticated attacker to elevate the freshness status of a victim session using their own WebAuthn credential, bypassing re-authentication constraints.

Amit Schendel
Amit Schendel
4 views•5 min read
•about 2 hours ago•GHSA-P2FR-6HMX-4528
6.4

GHSA-p2fr-6hmx-4528: Unbound Resource Indicators Allow Cross-Audience Access Token Escalation in @better-auth/oauth-provider

A security vulnerability in @better-auth/oauth-provider allows OAuth clients to obtain access tokens for unauthorized audiences due to unbound resource indicators. The implementation fails to bind the requested target resource to the initial authorization grant. Consequently, a client can request an access token targeting any resource server within the global allowlist, bypassing user consent boundaries.

Alon Barad
Alon Barad
4 views•6 min read
•about 2 hours ago•GHSA-86J7-9J95-VPQJ
8.8

GHSA-86J7-9J95-VPQJ: Stored Cross-Site Scripting in Better Auth Plugins via Malicious Redirect URIs

A stored cross-site scripting vulnerability exists in the oidc-provider and mcp plugins of Better Auth. Attackers can register malicious clients with javascript: redirect URIs, leading to origin takeover when users authorize the client.

Amit Schendel
Amit Schendel
6 views•5 min read
•about 3 hours ago•GHSA-9H47-PQCX-HJR4
9.8

GHSA-9H47-PQCX-HJR4: Insecure Cryptographic Defaults in Better Auth OIDC Provider

The Better Auth framework's OIDC provider implementation (oidcProvider) contained insecure cryptographic defaults before version 1.6.11. It advertised the insecure alg=none signing algorithm and accepted plain PKCE challenges by default, leaving downstream clients vulnerable to token signature bypasses and authorization code interception attacks.

Alon Barad
Alon Barad
5 views•6 min read
•about 4 hours ago•GHSA-2VG6-77G8-24MP
3.8

GHSA-2vg6-77g8-24mp: Insufficient Session Expiration via Incomplete Cleanup in Better Auth Ecosystem

A critical session persistence vulnerability exists within the Better Auth framework when configured to use external secondary storage (such as Redis or Cloudflare KV) with default database options. Due to four incomplete user-deletion code paths, active user sessions are not evicted from secondary storage caches during deletion events. As a result, deleted users retain full system access via their pre-existing session cookies until the Session Time-To-Live (TTL) expires.

Amit Schendel
Amit Schendel
5 views•5 min read