Weblate before version 5.17 contains an improper privilege management vulnerability (CWE-269) in its user patching API endpoint. This flaw allows users with limited privileges to edit data beyond their authorized scope, potentially leading to unauthorized changes affecting confidentiality, integrity, and availability. The vulnerability has a CVSS 3.1 base score of 8.8, indicating high severity. The vendor fixed this issue in version 5.17. No official remediation level or patch link is provided in the data, but upgrading to version 5.17 or later addresses the problem.

Exploitation of this vulnerability could allow an attacker with limited privileges to perform unauthorized edits, potentially compromising the confidentiality, integrity, and availability of the Weblate localization data. The CVSS score of 8.8 reflects a high impact on confidentiality, integrity, and availability. No known exploits have been reported in the wild.

Upgrade Weblate to version 5.17 or later, where this improper privilege management issue has been fixed. Since the product is not a cloud service and no official patch link or advisory is provided, users should rely on the version upgrade as the primary remediation. Patch status is not explicitly confirmed beyond the version fix; verify with the vendor advisory for the latest guidance.