Weblate threat model

Project: Weblate

Last reviewed for Weblate 2026.6 at commit 491e79010b2.

Date: 2026-05-14.

Status: Accepted, 2026-05-14.

Version binding: This model is versioned with Weblate releases. A report against Weblate version N is triaged against the model published for version N, not against the latest development branch. (maintainer)

Reporting cross-reference: Reports that violate a property Weblate claims in Security properties Weblate provides are reported through SECURITY.md and Vulnerability and incident handling. Reports that fall under Out of scope or Security properties Weblate does not provide can be closed by citing this document unless this model routes them to VALID-HARDENING. (documented) (source: Vulnerability and incident handling)

Provenance legend: *(documented)* means the claim is stated in Weblate documentation; *(maintainer)* means it was stated by a maintainer during this threat-model process; *(inferred)* means it was reasoned from the current project shape and needs maintainer confirmation.

Provenance summary: 97 documented / 65 maintainer / 0 inferred claims.

Weblate is a Django-based web localization platform. It accepts work from browser users, API clients, project-scoped tokens, repository webhooks, VCS repositories, backup archives, background workers, and configured external services, then stores and synchronizes translation projects through a database, datastore, local filesystem repositories, and external code-hosting systems. (documented) (source: Weblate Documentation, REST API Weblate, Ciągła lokalizacja)

Scope and intended use

Component family	Representative surface	Outside-process effects	Model status
Web UI and REST API	Browser views, forms, session endpoints, REST API Weblate	Database, datastore, e-mail, logs, uploaded files	In scope. (documented) (source: REST API Weblate, Instrukcje konfiguracji)
Authentication, sessions, and authorization	Login, 2FA, SSO, teams, permissions, project access, API tokens	Database, identity providers, browser cookies	In scope. (documented) (source: Uwierzytelnienie, Kontrola dostępu)
Project-scoped API tokens	Tokens created in project API access	Same application effects as the token permissions allow	In scope as authenticated actors with delegated project scope. (documented) (source: REST API Weblate, Kontrola dostępu)
Webhooks	Hooki powiadomień, project Włącz hooki	Background task scheduling and VCS repository updates	In scope as a public, deployment-hardened interface. (documented) (source: Hooki powiadomień, Włącz hooki)
VCS integration	Repository URLs, branches, pushes, pulls, merge requests, local clones	Filesystem, child VCS commands, SSH/HTTPS network connections	In scope when reachable through Weblate configuration or project content. (documented) (source: Ciągła lokalizacja, Code hosting integrations)
Background tasks	Celery queues for repository updates, notifications, translation memory, translation, and backups	Database, datastore, filesystem, outbound network	In scope as Weblate-controlled execution of user or operator actions. (documented) (source: Instrukcje konfiguracji)
Project backup import/export	Project level backups, import_projectbackup	Uploaded ZIP archives, filesystem restore, repository state	In scope. (documented) (source: Tworzenie kopii zapasowych i przenoszenie weblate, Polecenia zarządzania)
Service backup	BorgBackup configuration and backup	Local or remote backup storage over filesystem or SSH	In scope for Weblate’s handling of configured backup jobs; Borg itself is out of scope. (documented) (source: Tworzenie kopii zapasowych i przenoszenie weblate, Polecenia zarządzania)
Machine translation and outbound integrations	Machine translation, avatars, status reporting, VCS hosts, CDN add-on	Outbound HTTP(S), provider APIs, logs	In scope for Weblate’s enforcement of configured access and network restrictions. Provider behavior is out of scope. (documented) (source: Konfiguracja, Dodatki)
Dodatki	Built-in add-ons and administrator-configured add-on execution	Varies by add-on; can mutate repositories or contact services	Built-in add-ons are in scope when enabled. Third-party add-ons are out of scope except for Weblate’s permission and installation gates. (maintainer)
Polecenia zarządzania	weblate commands run by an operator	Database, filesystem, VCS, backup storage	In scope when processing untrusted Weblate data; the local operator shell is trusted. (maintainer)
Tests, generated docs, screenshots, development fixtures	docs/_build/, docs/screenshots/, tests, local fixtures	Development-only files and generated artifacts	Out of scope for product security claims. (maintainer)

The intended deployment is a server-side Weblate installation behind a web server or reverse proxy, with a WSGI application server, PostgreSQL database, datastore, Celery workers, a writable data directory, and optional outbound VCS, backup, identity-provider, and machine-translation integrations. (documented) (source: Instrukcje konfiguracji)

The relevant actors are split by trust level: unauthenticated clients, authenticated users, reviewers, project managers, administrators, project-scoped API tokens, webhook senders, external VCS providers, configured external services, and local operators. (documented) (source: Kontrola dostępu, REST API Weblate)

Weblate is not intended to be embedded as an in-process security library, used as a sandbox for untrusted code, or exposed without the deployment controls documented for production use. (maintainer)

Out of scope

The following are explicit non-goals for this model:

• A compromised operating system account, container runtime, database server, datastore, reverse proxy, or administrator shell. Weblate runs inside those boundaries and does not claim to protect itself from an already-compromised host. (maintainer)

• A malicious Weblate site administrator or local operator with unrestricted server access. Such an actor can change settings, credentials, data, or code. (maintainer)

• Vulnerabilities in third-party dependencies as independent projects. General Django, Django REST framework, Python Social Auth, BorgBackup, VCS, database, and provider vulnerabilities are reported upstream unless the issue is in Weblate’s use of them. (documented) (source: Vulnerability and incident handling)

• Build and release hygiene, including action pinning, artifact signing, dependency freshness, and repository branch protection. These affect project operations but are not threat-model claims about Weblate runtime behavior. (maintainer)

• General security of external VCS providers, identity providers, mail servers, machine-translation services, avatar services, CDN storage, or backup storage. Weblate models only its configured interactions with them. (maintainer)

• User organizations» translation-supply-chain choices outside Weblate. Outsourced or crowdsourced translator risks are described separately in Localization Threat Model. (documented) (source: Localization Threat Model)

• Third-party add-on code, local customization code, development fixtures, generated documentation output, test-only code, and demo or example data. (maintainer)

Trust boundaries and data flow

Weblate’s primary trust boundary is the network-facing application surface: browser views, API endpoints, webhook endpoints, and upload endpoints accept data from less-trusted actors and translate it into database rows, local repository state, background tasks, outbound requests, and rendered UI. (maintainer)

Boundary	Trust transition
Client browser/API client to Weblate	Untrusted or authenticated requests become permission-checked application actions. (documented) (source: REST API Weblate, Kontrola dostępu)
Webhook sender to Weblate	Public forge notifications can schedule repository synchronization where hooks are enabled. (documented) (source: Hooki powiadomień, Włącz hooki)
Weblate to database/datastore	Permission-checked application state becomes persistent data and queued work. (documented) (source: Instrukcje konfiguracji)
Weblate to local VCS repositories	Project configuration and repository content drive filesystem and VCS operations. (documented) (source: Ciągła lokalizacja)
Weblate to external services	Configured URLs, credentials, and provider settings drive outbound network connections. (documented) (source: Code hosting integrations, Konfiguracja)
Backup archive to Weblate filesystem	Uploaded ZIP members and metadata become restored project state. (documented) (source: Tworzenie kopii zapasowych i przenoszenie weblate)

Reachability preconditions:

• A web UI or API finding is in model only when reachable by an unauthenticated client, authenticated user, or project-scoped token through documented routes, forms, or API endpoints. (maintainer)

• An authorization finding is in model only when it crosses a documented permission, team, project, component, language, glossary, token, or site-wide boundary. (documented) (source: Kontrola dostępu)

• A webhook finding is in model only when a request can reach an enabled hook endpoint and affect repository update scheduling, task volume, or information returned to the caller. (documented) (source: Hooki powiadomień, Włącz hooki)

• A VCS finding is in model only when attacker-controlled or less-trusted repository data, branch names, URLs, file names, commit metadata, or project configuration can influence Weblate’s VCS operations. (maintainer)

• A backup import finding is in model only when reachable from a project backup uploaded through Weblate or supplied to import_projectbackup. (documented) (source: Project level backups, import_projectbackup)

• A background-task finding is in model only when the task can be queued from an in-scope Weblate surface or scheduled Weblate maintenance path. (documented) (source: Instrukcje konfiguracji)

• A management-command finding is in model only when untrusted Weblate data is processed by the command; arbitrary local shell access is not an attacker capability. (maintainer)

Environment assumptions

Weblate assumes a supported Python and Django runtime, a correctly configured database, a datastore, a writable data directory, and running workers for features that require background processing. (documented) (source: Instrukcje konfiguracji)

Production deployments are expected to configure the external web server or reverse proxy consistently with Weblate’s HTTPS, host header, body-size, and proxy-header settings. (documented) (source: Instrukcje konfiguracji, ENABLE_HTTPS, ALLOWED_HOSTS)

The database, datastore, and internal service ports are assumed not to be directly exposed to untrusted networks. (maintainer)

Filesystem permissions are assumed to prevent unrelated local users from modifying Weblate’s data directory, configuration, VCS repositories, generated SSH wrappers, backups, and secret material. (documented) (source: Tworzenie kopii zapasowych i przenoszenie weblate, Instrukcje konfiguracji)

Celery workers are trusted components of the same Weblate instance. A malicious or compromised worker is equivalent to a compromised application process. (maintainer)

VCS command execution, SSH, and HTTPS clients are assumed to execute as the Weblate service user with the credentials configured for the relevant project or integration. (documented) (source: Code hosting integrations, SSH_EXTRA_ARGS)

What Weblate does to its host:

• It opens outbound network connections for configured VCS, identity-provider, avatar, machine-translation, backup, status-reporting, and add-on features. (documented) (source: Konfiguracja, Code hosting integrations, Tworzenie kopii zapasowych i przenoszenie weblate)

• It runs VCS and backup-related helper commands as part of repository and backup workflows. (documented) (source: Ciągła lokalizacja, Tworzenie kopii zapasowych i przenoszenie weblate)

• It writes to the configured data directory, repository storage, media/fonts, backup dumps, logs, and cache locations. (documented) (source: Konfiguracja, Tworzenie kopii zapasowych i przenoszenie weblate)

• It sends e-mail and notifications when configured to do so. (documented) (source: Konfiguracja)

• It does not claim to be free of process-wide side effects such as logging, cache writes, subprocess execution, or outbound network access. (maintainer)

Build-time and configuration variants

Knob	Default or documented posture	Effect on the model	Maintainer stance
ENABLE_HOOKS and Włącz hooki	Anonymous remote hooks are configurable and must also be enabled for a project. (documented)	Exposes webhook endpoints as a public scheduling interface. Abuse resistance depends on deployment controls. (documented) (source: Hooki powiadomień, Włącz hooki)	Production deployments exposing hooks use reverse-proxy rate limits, body-size limits, monitoring, and minimal public exposure. (maintainer)
ENABLE_HTTPS, proxy SSL headers, and HSTS settings	HTTPS affects secure cookies, redirects, HSTS, WebAuthn, and generated URLs. (documented) (source: ENABLE_HTTPS)	Disabling or misconfiguring HTTPS removes transport and cookie protections that Weblate relies on for browser security. (documented) (source: ENABLE_HTTPS)	The documented production posture is HTTPS with correct proxy headers. (documented)
ALLOWED_HOSTS	Configures accepted HTTP hostnames. (documented) (source: ALLOWED_HOSTS)	Broad host acceptance can weaken host-header based protections and URL generation assumptions. (maintainer)	Production deployments restrict this to instance hostnames. (maintainer)
WEBLATE_API_RATELIMIT_ANON, WEBLATE_API_RATELIMIT_USER, and RATELIMIT_ATTEMPTS	Rate limits are configurable. (documented) (source: REST API Weblate, Konfiguracja)	Availability claims assume rate limits appropriate to deployment size and exposure. (maintainer)	Disabling rate limits changes DoS triage from Weblate bug to deployment posture unless a single request violates a claimed property. (maintainer)
CSP_SCRIPT_SRC, CSP_IMG_SRC, CSP_CONNECT_SRC, CSP_STYLE_SRC, CSP_FONT_SRC, CSP_FORM_SRC	Content Security Policy sources are configurable. (documented) (source: Konfiguracja)	Broadening sources can reduce browser-side containment for XSS or third-party content. (maintainer)	Deployments adding third-party sources accept that expanded browser trust. (maintainer)
PROJECT_BACKUP_UPLOAD_MAX_SIZE, PROJECT_BACKUP_IMPORT_MAX_MEMBERS, PROJECT_BACKUP_IMPORT_MAX_TOTAL_UNCOMPRESSED_SIZE, PROJECT_BACKUP_IMPORT_MAX_COMPRESSED_ENTRY_SIZE, PROJECT_BACKUP_IMPORT_MIN_RATIO_SIZE, PROJECT_BACKUP_IMPORT_MAX_COMPRESSED_ENTRY_RATIO	Defaults bound project backup upload and import size, member count, and suspicious compression ratios. (documented) (source: Konfiguracja)	Raising or disabling these limits expands restore-time resource exposure. (documented) (source: Konfiguracja)	The defaults documented above are part of backup-import resource guarantees. (documented)
Private-target restrictions and allowlists for outbound URLs	User-configurable outbound URL surfaces documented with private-target restriction settings reject internal or non-public targets by default. (documented) (source: ASSET_RESTRICT_PRIVATE, PROJECT_WEB_RESTRICT_PRIVATE, WEBHOOK_RESTRICT_PRIVATE, VCS_RESTRICT_PRIVATE)	Allowlist settings and privileged configuration can intentionally expand reachability. (documented) (source: ASSET_PRIVATE_ALLOWLIST, PROJECT_WEB_RESTRICT_ALLOWLIST, WEBHOOK_PRIVATE_ALLOWLIST, VCS_ALLOW_HOSTS)	Default private-target rejection is an application-level security property for the documented user-configurable URL surfaces. (maintainer)
SSH_EXTRA_ARGS	Allows custom SSH options. (documented) (source: SSH_EXTRA_ARGS)	Weakening SSH algorithms or host verification changes VCS transport assumptions. (maintainer)	Operators own the security impact of custom SSH options. (maintainer)
Third-party add-ons and local customization	Administrators can extend behavior. (documented) (source: Dodatki)	Custom code can add new trust boundaries and security properties outside this model. (maintainer)	Third-party code is modeled separately. (maintainer)

Input assumptions

Surface	Input	Attacker-controllable?	Caller or operator must enforce
Browser forms and REST API	Request bodies, query strings, uploaded files, headers, cookies	Yes, within the actor’s authentication state. (documented) (source: REST API Weblate)	HTTPS, correct host/proxy configuration, rate limits, and permission assignment. (documented) (source: Instrukcje konfiguracji, Kontrola dostępu)
Authentication endpoints	Passwords, WebAuthn data, SSO callbacks, reset tokens	Yes. (documented) (source: Uwierzytelnienie)	Correct identity-provider configuration and HTTPS. (documented) (source: Uwierzytelnienie, ENABLE_HTTPS)
Project-scoped tokens	API requests authenticated by token	Yes, by whoever holds the token. (documented) (source: REST API Weblate)	Token storage, rotation, and least-privilege team membership. (maintainer)
Translation content	Source strings, translations, comments, suggestions, glossary entries	Yes, from users with relevant permissions or imported repositories. (documented) (source: Tłumaczenie za pomocą Weblate, Kontrola dostępu)	Review workflows for project-specific content integrity. (documented) (source: Proces tłumaczenia)
Webhook endpoints	Headers, event type, body, repository and branch metadata	Yes, where endpoint is reachable. (documented) (source: Hooki powiadomień)	Hook enablement only where needed, request limits, and monitoring. (maintainer)
Repository configuration	Repository URLs, branches, push URLs, credentials, add-on settings	Trusted to users with corresponding management permissions. (documented) (source: Kontrola dostępu, Ciągła lokalizacja)	Assign VCS and project management permissions only to trusted users. (documented) (source: Kontrola dostępu)
External repository content	Translation files, paths, branch names, commit metadata	Yes, if the upstream repository is controlled by another actor. (maintainer)	Trust the configured upstream repository or review imported changes. (maintainer)
Project backup import	ZIP archive members, metadata, translation files, repository state	Yes, for whoever can upload or provide the backup. (documented) (source: Project level backups)	Keep import limits at values appropriate for the instance. (documented) (source: Konfiguracja)
Machine translation and external service configuration	Provider URLs, credentials, model or service settings	Trusted to administrators or users granted configuration permissions. (documented) (source: Automatyczne sugestie, Kontrola dostępu)	Treat configured providers as recipients of the data sent to them; the submitted content varies by provider and enabled feature. (maintainer)
Polecenia zarządzania	Command-line arguments and files supplied by the local operator	Trusted local input unless processing Weblate data or project backups. (maintainer)	Restrict shell access to trusted operators. (maintainer)

Size and rate assumptions:

• Weblate relies on application and reverse-proxy upload limits for large HTTP requests. (documented) (source: PROJECT_BACKUP_UPLOAD_MAX_SIZE)

• Project backup imports are bounded by member count, aggregate uncompressed size, compressed entry size, minimum ratio size, and compression ratio settings. (documented) (source: Konfiguracja)

• API and selected web actions are expected to be protected by configured rate limits. (documented) (source: REST API Weblate, Konfiguracja)

• Repository size, number of projects, number of components, and worker capacity are deployment-sizing concerns unless a single in-scope input bypasses documented limits or permissions. (maintainer)

Adversary model

Actor	In-scope capabilities	Out-of-scope capabilities
Unauthenticated internet client	Send HTTP(S) requests to public pages, registration, login, API, and reachable webhook endpoints. (documented) (source: REST API Weblate)	Read server memory, bypass reverse proxy controls, or access internal services directly. (maintainer)
Authenticated user	Perform actions allowed by assigned teams, permissions, and workflow. (documented) (source: Kontrola dostępu)	Act outside assigned permissions without exploiting a Weblate flaw. (documented) (source: Kontrola dostępu)
Reviewer or project manager	Exercise delegated project, component, language, review, VCS, translation memory, screenshot, or access-management permissions. (documented) (source: Kontrola dostępu)	Become a site administrator unless granted that role or exploiting a Weblate flaw. (maintainer)
Project-scoped API token holder	Use API permissions assigned to the token’s team memberships. (documented) (source: REST API Weblate, Kontrola dostępu)	Access projects, components, or site-wide functions outside its scope. (documented) (source: Kontrola dostępu)
Webhook sender	Send forged, replayed, malformed, or high-volume webhook requests to enabled hook endpoints. (documented) (source: Hooki powiadomień)	Obtain forge-authenticated identity where Weblate does not verify it. (maintainer)
External VCS or service provider	Return repository data, API responses, redirects, or errors according to the configured integration. (documented) (source: Code hosting integrations)	Compromise the Weblate host except through data or protocol behavior Weblate processes. (maintainer)
Translator or localization contributor	Submit translation content that downstream applications might consume. (documented) (source: Localization Threat Model)	Control downstream application escaping, rendering, or review policy outside Weblate. (documented) (source: Localization Threat Model)
Local operator	Run management commands, change configuration, and access backups. (documented) (source: Polecenia zarządzania, Tworzenie kopii zapasowych i przenoszenie weblate)	Local malicious operators are trusted for this model. (maintainer)

The modeled attacker tries to bypass authorization, modify translation or repository data without permission, disclose private project or user data, forge or abuse repository synchronization, trigger unsafe outbound requests, execute commands through Weblate-controlled workflows, or exhaust bounded application resources. (maintainer)

Security properties Weblate provides

Property	Conditions	Violation symptom	Severity tier
Web authorization separates site, project, component, language, glossary, VCS, translation memory, screenshot, review, and access management permissions. (documented) (source: Kontrola dostępu)	Permission assignments match the intended trust relationship.	User or token can read or mutate data outside assigned scope.	Security-critical when private data or privileged mutation is exposed.
Project-scoped API tokens are limited by assigned project/team permissions. (documented) (source: REST API Weblate, Kontrola dostępu)	Token is created and stored by a trusted actor.	Token can act outside project or team scope.	Security-critical.
Authentication and session controls protect browser sessions when HTTPS and proxy settings are correct. (documented) (source: Uwierzytelnienie, ENABLE_HTTPS)	Production HTTPS and secure-cookie settings are enabled.	Session fixation, credential bypass, or cross-user session confusion.	Security-critical.
User-supplied content rendered by Weblate is expected not to execute script in other users» browsers. (maintainer)	Content is displayed through Weblate UI templates and standard escaping.	Stored or reflected XSS in the Weblate origin.	Security-critical.
Repository, branch, path, and VCS inputs processed by Weblate must not become shell command execution. (maintainer)	VCS operations are invoked through Weblate-supported repository workflows and configured credentials.	Command injection or arbitrary code execution as the Weblate user.	Security-critical.
Private project data, user data, credentials, tokens, SSH keys, and 2FA secrets are not disclosed to actors lacking permission. (documented) (source: Kontrola dostępu, Privacy regulations compliance)	Host, database, and storage permissions are intact.	Cross-project data leak, credential exposure, or unauthorized export.	Security-critical.
Backup import rejects archives exceeding documented upload, member, aggregate size, and suspicious compression thresholds. (documented) (source: Konfiguracja, Project level backups)	Defaults or stricter limits remain configured.	Oversized or highly amplified archive is accepted past configured thresholds.	Security-critical for single-request DoS; otherwise availability bug.
Documented user-configurable outbound URL surfaces reject internal or non-public targets by default. (documented) (source: ASSET_RESTRICT_PRIVATE, PROJECT_WEB_RESTRICT_PRIVATE, WEBHOOK_RESTRICT_PRIVATE, VCS_RESTRICT_PRIVATE)	Default private-target checks are enabled and no trusted allowlist exemption applies.	A user-configurable screenshot URL, remote HTML URL, project website or repository browser URL, outbound webhook URL, or VCS URL reaches an internal or non-public target despite default controls.	Security-critical when it exposes internal services or metadata.
Weblate records security-relevant account, permission, and project or component setting changes in audit logs or history. (documented) (source: Privacy regulations compliance, Weblate 2026.6)	Logging is configured and storage is available.	Missing audit trail for an action Weblate claims to log.	Security-critical when it blocks investigation of privileged changes; correctness-only for minor event gaps.
Rate-limited API and web actions enforce configured rate limits. (documented) (source: REST API Weblate, Konfiguracja)	Rate limiting is enabled and backed by a working datastore.	Requests exceeding configured thresholds continue to be processed.	Availability/security hardening depending on endpoint sensitivity.
Weblate does not intentionally expose database, datastore, backup storage, or raw internal storage directly through the public web interface; exported VCS repositories are intentionally exposed by Eksporter Git when that optional module is enabled. (maintainer)	Deployment does not serve internal storage paths as static files except for documented export features.	Public request retrieves raw internal storage, configuration, or non-exported repository data.	Security-critical.

Resource thresholds in this model are the documented configuration defaults where they exist, especially backup import limits and rate limits. For repository size, project count, component count, and translation volume, Weblate does not claim a fixed universal resource ceiling independent of deployment capacity. (maintainer)

Security properties Weblate does not provide

Weblate does not authenticate every webhook delivery cryptographically for all supported forge integrations. Hook endpoints are compatibility-oriented and deployment-hardened rather than uniformly forge-authenticated. Reports that show only unauthenticated triggering within modeled effects are VALID-HARDENING rather than BY-DESIGN. (maintainer)

Weblate does not make an unauthenticated webhook equivalent to a trusted forge identity. Hook processing can trigger update workflows, but attribution and authenticity are weaker than for an authenticated user or token. (maintainer)

Weblate is not a sandbox for malicious administrators, malicious local operators, third-party add-ons, custom deployment code, VCS clients, or backup tools. (maintainer)

Weblate does not guarantee that translation content is safe when copied into a downstream product without that product’s own escaping, validation, or review. Translation checks and review workflows help manage localization quality and risk; they are not a complete downstream application security boundary. (documented) (source: Localization Threat Model, Kontrole i korekty)

False friends:

• Weblate permissions are application authorization, not a host sandbox. A user granted VCS or project management permissions can intentionally configure integrations within that role’s power. (maintainer)

• Webhook project matching and event parsing are not proof that the sender is the legitimate forge when the integration does not authenticate the delivery. (maintainer)

• Translation checks detect common quality and format problems; they are not a guarantee that translated strings are safe for every downstream renderer. (documented) (source: Kontrole i korekty, Localization Threat Model)

• BorgBackup encryption protects backup archives according to Borg’s design; Weblate does not add a separate cryptographic guarantee for Borg internals. (documented) (source: Tworzenie kopii zapasowych i przenoszenie weblate)

• Rate limits reduce abuse of configured endpoints; they are not a guarantee of availability under volumetric network attacks. (maintainer)

Well-known attack classes left partly or wholly to deployment or downstream systems:

• Phishing and credential reuse are mitigated by authentication policy and 2FA, but Weblate cannot prevent users from disclosing credentials outside the service. (maintainer)

• Malicious translations can become XSS, format-string, command, or policy problems in downstream applications that render them unsafely. (documented) (source: Localization Threat Model)

• User-configurable outbound URL surfaces with documented private-target restrictions reject internal or non-public targets by default; privileged allowlists, proxies, and administrator-controlled configuration can intentionally expand reachability. (maintainer)

• Large repository histories, project scale, and background task volume require deployment sizing and operational limits beyond Weblate’s single-input validation. (maintainer)

Downstream responsibilities

Operators must deploy Weblate behind production-grade HTTPS with correct proxy headers, hostnames, request-size limits, and secure-cookie behavior. (documented) (source: Instrukcje konfiguracji, ENABLE_HTTPS, ALLOWED_HOSTS)

Operators must assign teams, roles, project-scoped tokens, VCS credentials, and project management permissions according to least privilege for their organization. (documented) (source: Kontrola dostępu, REST API Weblate)

Operators exposing Hooki powiadomień must enable them only where needed and provide deployment controls such as reverse-proxy rate limits, body-size limits, monitoring, and optional source restrictions. (maintainer)

Operators must treat private-target allowlists, proxies, and privileged outbound integration settings as intentional expansion of Weblate’s default network reachability limits. (maintainer)

Operators must keep backup import limits, API rate limits, and web rate limits at values that match instance capacity and exposure. (documented) (source: Konfiguracja)

Operators must protect the Weblate data directory, configuration, backup credentials, generated keys, database, datastore, and local shell access as trusted infrastructure. (documented) (source: Tworzenie kopii zapasowych i przenoszenie weblate, Instrukcje konfiguracji)

Downstream product teams must treat translated strings as untrusted content in their own applications unless they have separately reviewed, escaped, and validated them for the target renderer. (documented) (source: Localization Threat Model)

Known misuse patterns

• Exposing webhook endpoints broadly, enabling project hooks, and relying on webhook payloads as authenticated forge identity. This is unsafe because some supported hooks are compatibility-oriented. Use deployment controls and prefer authenticated integrations where available. (maintainer)

• Granting project management, VCS, or access-management permissions to users who are trusted only as translators. This is unsafe because those permissions can affect repositories, credentials, or other users. Assign narrower roles. (documented) (source: Kontrola dostępu)

• Sending sensitive source strings or private customer content to machine translation providers without treating the provider as a data recipient. This is unsafe because Weblate must transmit content to the configured service, and the submitted content varies by provider and enabled feature. Configure providers according to the data policy for the project. (maintainer)

• Importing project backups from untrusted sources as an administrative convenience. This is unsafe because backups carry project metadata, translation content, and repository state. Keep import limits enabled and import only backups appropriate for the target instance. (documented) (source: Tworzenie kopii zapasowych i przenoszenie weblate)

• Treating Weblate translation checks as proof that downstream applications cannot be attacked through translated strings. This is unsafe because the downstream renderer defines the final execution context. Review and escape translations in the consuming application. (documented) (source: Localization Threat Model)

Known non-findings

• A report that a reachable webhook can be called without forge authentication and only triggers modeled update scheduling is not VALID by itself. It is routed to VALID-HARDENING unless it bypasses documented limits, leaks data, or causes effects beyond modeled scheduling. (maintainer)

• A report that a project manager can change repository settings, VCS credentials, or project configuration is not a vulnerability when the actor has the documented permission for that action. (documented) (source: Kontrola dostępu)

• A report against third-party add-on behavior is not a Weblate core vulnerability unless the report shows Weblate’s permission or installation boundaries are bypassed. (maintainer)

• A report that a malicious local operator can read configuration, run management commands, or alter files is out of model because local operators are trusted infrastructure. (maintainer)

• A report that a downstream application renders a dangerous translation is not a Weblate vulnerability unless Weblate itself violates a claimed property while storing, checking, reviewing, or displaying that translation. (documented) (source: Localization Threat Model)

Conditions that change this model

Revise this model when Weblate adds a new public endpoint family, a new authentication or token mode, a new default deployment mode, a new backup or import format, a new VCS execution path, a new outbound integration class, a new add-on execution capability, or a change to defaults for hooks, HTTPS, rate limits, CSP, private-network access, or backup import limits. (maintainer)

Revise this model when an unsupported component becomes supported product surface, when a documented security property is removed or narrowed, or when maintainers accept a vulnerability report that cannot be routed to a triage disposition below. (maintainer)

Triage dispositions

Disposition	Meaning	Licensed by
VALID	Violates a property Weblate claims, through an in-scope actor and input.	Security properties Weblate provides, Input assumptions, Adversary model
VALID-HARDENING	No claimed property is violated, but Weblate chooses to reduce a known misuse risk, such as compatibility webhook triggering that stays within modeled effects.	Known misuse patterns, Security properties Weblate does not provide
OUT-OF-MODEL: trusted-input	Requires attacker control of input this model marks trusted.	Input assumptions
OUT-OF-MODEL: adversary-not-in-scope	Requires a capability this model excludes.	Adversary model
OUT-OF-MODEL: unsupported-component	Lands in third-party add-ons, generated docs, tests, local customization, or another component marked out of scope.	Out of scope
OUT-OF-MODEL: non-default-build	Manifests only after deployment choices that knowingly remove a claimed property.	Build-time and configuration variants
BY-DESIGN: property-disclaimed	Concerns a property Weblate explicitly does not provide.	Security properties Weblate does not provide
KNOWN-NON-FINDING	Matches a documented recurring false positive.	Known non-findings
MODEL-GAP	Cannot be cleanly routed to any disposition above.	Conditions that change this model