GHSA-4rjg-9qq9-25m8MediumCVSS 5.3

LibreTranslate through 1.9.7, fixed in commit 397fd22, contains an IP spoofing vulnerability in...

Published
June 29, 2026
Last Modified
June 29, 2026

🔗 CVE IDs covered (1)

📋 Description

LibreTranslate through 1.9.7, fixed in commit 397fd22, contains an IP spoofing vulnerability in the get_remote_address() function that allows unauthenticated attackers to spoof client IP addresses by injecting arbitrary values into the X-Forwarded-For header without trusted proxy validation. Attackers can bypass per-IP rate limiting and flood bans by supplying forged addresses in the X-Forwarded-For header to enable unlimited API abuse.

🔗 References (6)