Browse all 6 CVE security advisories affecting tolgee. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Tolgee is a cloud-based localization platform enabling developers to manage translations across applications. Historically, vulnerabilities have included stored cross-site scripting (XSS) due to improper input sanitization in translation fields, remote code execution (RCE) via unsafe deserialization in API endpoints, and privilege escalation through broken access controls in administrative functions. Security assessments reveal consistent issues with insufficient output encoding and inadequate authentication mechanisms. While no major public incidents have been widely documented, the six CVEs indicate recurring patterns of web application vulnerabilities, particularly in how user-generated content is processed and how privilege boundaries are enforced within the platform's translation management workflow.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-32251 | Tolgee has an XXE Injection in Translation Import | tolgee-platform | CWE-611 | 6.5 (AI) | Medium (AI) | 2026-03-12 |
| CVE-2024-52297 | Tolgee's configuration all configuration properties leaked in public configuration DTO | tolgee-platform | CWE-200 | 9.8 | Critical | 2024-11-12 |
| CVE-2024-32470 | Tolgee's API keys created by server admin users bypass the permission check | tolgee-platform | CWE-863 | 6.5 | Medium | 2024-04-18 |
| CVE-2024-32466 | Tolgee's API key scopes not checked when querying translation data | tolgee-platform | CWE-862 | 2.7 | Low | 2024-04-18 |
| CVE-2023-41316 | HTML Injection with email in Tolgee | tolgee-platform | CWE-79 | 5.5 | Medium | 2023-09-07 |
| CVE-2023-38510 | Tolgee Lacks Permission Check for API Key for some endpoints | tolgee-platform | CWE-862 | 8.1 | High | 2023-07-27 |
This page lists every published CVE security advisory associated with tolgee. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.