
Vulnerability in Tolgee's Cloud Platform Allows Reading /etc/passwd File
Cybersecurity, Vulnerabilities, XXE, File Upload
The post describes a vulnerability in Tolgee’s cloud platform where an attacker could read the /etc/passwd file by exploiting an XXE (XML External Entity) flaw during translation file uploads. The issue was assigned CVE-2026-32251 with a CVSS score of 9.3. The vulnerability involved improper handling of XML files during the import process.
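A generic defensive pattern for this class of bug, as an added example that is not Tolgee's code or its fix: an import parser that refuses any uploaded XML declaring a DOCTYPE or entities, so nothing is ever resolved. The `<resources>`/`<string>` layout, the function names and both sample uploads are assumptions made for illustration.

```python
import xml.parsers.expat

class UnsafeXmlError(ValueError):
    """Upload declares a DTD or entity, so it is refused before any expansion."""

def _refuse(what):
    def handler(*_args):
        raise UnsafeXmlError(f"{what} is not allowed in translation uploads")
    return handler

def parse_translation_upload(data: bytes) -> dict:
    """Return {key: text} from <resources><string name="key">text</string></resources>."""
    parser = xml.parsers.expat.ParserCreate()
    translations, current = {}, {"key": None, "parts": []}

    def start(tag, attrs):
        if tag == "string" and "name" in attrs:
            current["key"], current["parts"] = attrs["name"], []

    def chars(text):
        if current["key"] is not None:
            current["parts"].append(text)

    def end(tag):
        if tag == "string" and current["key"] is not None:
            translations[current["key"]] = "".join(current["parts"])
            current["key"] = None

    # Any of these firing means the file tries to define or pull in entities.
    parser.StartDoctypeDeclHandler = _refuse("DOCTYPE declaration")
    parser.EntityDeclHandler = _refuse("entity declaration")
    parser.ExternalEntityRefHandler = _refuse("external entity reference")
    parser.StartElementHandler = start
    parser.CharacterDataHandler = chars
    parser.EndElementHandler = end
    parser.Parse(data, True)
    return translations

def upload_is_accepted(data: bytes) -> bool:
    """True only for well-formed uploads that carry no DTD or entity declarations."""
    try:
        parse_translation_upload(data)
        return True
    except (UnsafeXmlError, xml.parsers.expat.ExpatError):
        return False

# Constructed sample uploads (not taken from the advisory).
SAFE_UPLOAD = b'<?xml version="1.0"?><resources><string name="greeting">Hello &amp; welcome</string></resources>'
DTD_UPLOAD = (b'<?xml version="1.0"?><!DOCTYPE resources [<!ENTITY x SYSTEM "file:///constructed/placeholder">]>'
              b'<resources><string name="greeting">&x;</string></resources>')
```

The five predefined XML entities such as `&amp;` still work because they need no declaration; rejecting the DOCTYPE outright also rules out entity-expansion bombs.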