Search criteria
6 vulnerabilities found for wlc by WeblateOrg
CVE-2026-23535 (GCVE-0-2026-23535)
Vulnerability from nvd – Published: 2026-01-16 19:08 – Updated: 2026-01-16 19:21
VLAI?
Title
wlc Path traversal: Unsanitized API slugs in download command
Summary
wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.2, the multi-translation download could write to an arbitrary location when instructed by a crafted server. This vulnerability is fixed in 1.17.2.
Severity ?
8.1 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| WeblateOrg | wlc |
Affected:
< 1.17.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23535",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T19:20:47.706307Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T19:21:22.629Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "wlc",
"vendor": "WeblateOrg",
"versions": [
{
"status": "affected",
"version": "\u003c 1.17.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "wlc is a Weblate command-line client using Weblate\u0027s REST API. Prior to 1.17.2, the multi-translation download could write to an arbitrary location when instructed by a crafted server. This vulnerability is fixed in 1.17.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T19:08:24.882Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/WeblateOrg/wlc/security/advisories/GHSA-mmwx-79f6-67jg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/WeblateOrg/wlc/security/advisories/GHSA-mmwx-79f6-67jg"
},
{
"name": "https://github.com/WeblateOrg/wlc/pull/1128",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/WeblateOrg/wlc/pull/1128"
},
{
"name": "https://github.com/WeblateOrg/wlc/commit/216e691c6e50abae97fe2e4e4f21501bf49a585f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/WeblateOrg/wlc/commit/216e691c6e50abae97fe2e4e4f21501bf49a585f"
},
{
"name": "https://github.com/WeblateOrg/wlc/releases/tag/1.17.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/WeblateOrg/wlc/releases/tag/1.17.2"
}
],
"source": {
"advisory": "GHSA-mmwx-79f6-67jg",
"discovery": "UNKNOWN"
},
"title": "wlc Path traversal: Unsanitized API slugs in download command"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23535",
"datePublished": "2026-01-16T19:08:24.882Z",
"dateReserved": "2026-01-13T18:22:43.982Z",
"dateUpdated": "2026-01-16T19:21:22.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22251 (GCVE-0-2026-22251)
Vulnerability from nvd – Published: 2026-01-12 17:55 – Updated: 2026-01-12 18:43
VLAI?
Title
wlc may leak API keys due to an insecure API key configuration
Summary
wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, wlc supported providing unscoped API keys in the setting. This practice was discouraged for years, but the code was never removed. This might cause the API key to be leaked to different servers.
Severity ?
5.3 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| WeblateOrg | wlc |
Affected:
< 1.17.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22251",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T18:43:08.912343Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T18:43:53.664Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "wlc",
"vendor": "WeblateOrg",
"versions": [
{
"status": "affected",
"version": "\u003c 1.17.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "wlc is a Weblate command-line client using Weblate\u0027s REST API. Prior to 1.17.0, wlc supported providing unscoped API keys in the setting. This practice was discouraged for years, but the code was never removed. This might cause the API key to be leaked to different servers."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T17:55:09.699Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/WeblateOrg/wlc/security/advisories/GHSA-9rp8-h4g8-8766",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/WeblateOrg/wlc/security/advisories/GHSA-9rp8-h4g8-8766"
},
{
"name": "https://github.com/WeblateOrg/wlc/pull/1098",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/WeblateOrg/wlc/pull/1098"
},
{
"name": "https://github.com/WeblateOrg/wlc/commit/aafdb507a9e66574ade1f68c50c4fe75dbe80797",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/WeblateOrg/wlc/commit/aafdb507a9e66574ade1f68c50c4fe75dbe80797"
}
],
"source": {
"advisory": "GHSA-9rp8-h4g8-8766",
"discovery": "UNKNOWN"
},
"title": "wlc may leak API keys due to an insecure API key configuration"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22251",
"datePublished": "2026-01-12T17:55:09.699Z",
"dateReserved": "2026-01-07T05:19:12.921Z",
"dateUpdated": "2026-01-12T18:43:53.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22250 (GCVE-0-2026-22250)
Vulnerability from nvd – Published: 2026-01-12 17:52 – Updated: 2026-01-12 18:07
VLAI?
Title
wlc can skip SSL verification
Summary
wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification would be skipped for some crafted URLs. This vulnerability is fixed in 1.17.0.
Severity ?
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| WeblateOrg | wlc |
Affected:
< 1.17.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22250",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T18:05:29.339306Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T18:07:33.376Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "wlc",
"vendor": "WeblateOrg",
"versions": [
{
"status": "affected",
"version": "\u003c 1.17.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "wlc is a Weblate command-line client using Weblate\u0027s REST API. Prior to 1.17.0, the SSL verification would be skipped for some crafted URLs. This vulnerability is fixed in 1.17.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T17:52:01.390Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/WeblateOrg/wlc/security/advisories/GHSA-2mmv-7rrp-g8xh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/WeblateOrg/wlc/security/advisories/GHSA-2mmv-7rrp-g8xh"
},
{
"name": "https://github.com/WeblateOrg/wlc/pull/1097",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/WeblateOrg/wlc/pull/1097"
},
{
"name": "https://github.com/WeblateOrg/wlc/commit/a513864ec4daad00146e6d6e039559726e256fa3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/WeblateOrg/wlc/commit/a513864ec4daad00146e6d6e039559726e256fa3"
}
],
"source": {
"advisory": "GHSA-2mmv-7rrp-g8xh",
"discovery": "UNKNOWN"
},
"title": "wlc can skip SSL verification"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22250",
"datePublished": "2026-01-12T17:52:01.390Z",
"dateReserved": "2026-01-07T05:19:12.921Z",
"dateUpdated": "2026-01-12T18:07:33.376Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23535 (GCVE-0-2026-23535)
Vulnerability from cvelistv5 – Published: 2026-01-16 19:08 – Updated: 2026-01-16 19:21
VLAI?
Title
wlc Path traversal: Unsanitized API slugs in download command
Summary
wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.2, the multi-translation download could write to an arbitrary location when instructed by a crafted server. This vulnerability is fixed in 1.17.2.
Severity ?
8.1 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| WeblateOrg | wlc |
Affected:
< 1.17.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23535",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T19:20:47.706307Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T19:21:22.629Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "wlc",
"vendor": "WeblateOrg",
"versions": [
{
"status": "affected",
"version": "\u003c 1.17.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "wlc is a Weblate command-line client using Weblate\u0027s REST API. Prior to 1.17.2, the multi-translation download could write to an arbitrary location when instructed by a crafted server. This vulnerability is fixed in 1.17.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T19:08:24.882Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/WeblateOrg/wlc/security/advisories/GHSA-mmwx-79f6-67jg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/WeblateOrg/wlc/security/advisories/GHSA-mmwx-79f6-67jg"
},
{
"name": "https://github.com/WeblateOrg/wlc/pull/1128",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/WeblateOrg/wlc/pull/1128"
},
{
"name": "https://github.com/WeblateOrg/wlc/commit/216e691c6e50abae97fe2e4e4f21501bf49a585f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/WeblateOrg/wlc/commit/216e691c6e50abae97fe2e4e4f21501bf49a585f"
},
{
"name": "https://github.com/WeblateOrg/wlc/releases/tag/1.17.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/WeblateOrg/wlc/releases/tag/1.17.2"
}
],
"source": {
"advisory": "GHSA-mmwx-79f6-67jg",
"discovery": "UNKNOWN"
},
"title": "wlc Path traversal: Unsanitized API slugs in download command"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23535",
"datePublished": "2026-01-16T19:08:24.882Z",
"dateReserved": "2026-01-13T18:22:43.982Z",
"dateUpdated": "2026-01-16T19:21:22.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22251 (GCVE-0-2026-22251)
Vulnerability from cvelistv5 – Published: 2026-01-12 17:55 – Updated: 2026-01-12 18:43
VLAI?
Title
wlc may leak API keys due to an insecure API key configuration
Summary
wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, wlc supported providing unscoped API keys in the setting. This practice was discouraged for years, but the code was never removed. This might cause the API key to be leaked to different servers.
Severity ?
5.3 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| WeblateOrg | wlc |
Affected:
< 1.17.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22251",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T18:43:08.912343Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T18:43:53.664Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "wlc",
"vendor": "WeblateOrg",
"versions": [
{
"status": "affected",
"version": "\u003c 1.17.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "wlc is a Weblate command-line client using Weblate\u0027s REST API. Prior to 1.17.0, wlc supported providing unscoped API keys in the setting. This practice was discouraged for years, but the code was never removed. This might cause the API key to be leaked to different servers."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T17:55:09.699Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/WeblateOrg/wlc/security/advisories/GHSA-9rp8-h4g8-8766",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/WeblateOrg/wlc/security/advisories/GHSA-9rp8-h4g8-8766"
},
{
"name": "https://github.com/WeblateOrg/wlc/pull/1098",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/WeblateOrg/wlc/pull/1098"
},
{
"name": "https://github.com/WeblateOrg/wlc/commit/aafdb507a9e66574ade1f68c50c4fe75dbe80797",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/WeblateOrg/wlc/commit/aafdb507a9e66574ade1f68c50c4fe75dbe80797"
}
],
"source": {
"advisory": "GHSA-9rp8-h4g8-8766",
"discovery": "UNKNOWN"
},
"title": "wlc may leak API keys due to an insecure API key configuration"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22251",
"datePublished": "2026-01-12T17:55:09.699Z",
"dateReserved": "2026-01-07T05:19:12.921Z",
"dateUpdated": "2026-01-12T18:43:53.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22250 (GCVE-0-2026-22250)
Vulnerability from cvelistv5 – Published: 2026-01-12 17:52 – Updated: 2026-01-12 18:07
VLAI?
Title
wlc can skip SSL verification
Summary
wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification would be skipped for some crafted URLs. This vulnerability is fixed in 1.17.0.
Severity ?
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| WeblateOrg | wlc |
Affected:
< 1.17.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22250",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T18:05:29.339306Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T18:07:33.376Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "wlc",
"vendor": "WeblateOrg",
"versions": [
{
"status": "affected",
"version": "\u003c 1.17.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "wlc is a Weblate command-line client using Weblate\u0027s REST API. Prior to 1.17.0, the SSL verification would be skipped for some crafted URLs. This vulnerability is fixed in 1.17.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T17:52:01.390Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/WeblateOrg/wlc/security/advisories/GHSA-2mmv-7rrp-g8xh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/WeblateOrg/wlc/security/advisories/GHSA-2mmv-7rrp-g8xh"
},
{
"name": "https://github.com/WeblateOrg/wlc/pull/1097",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/WeblateOrg/wlc/pull/1097"
},
{
"name": "https://github.com/WeblateOrg/wlc/commit/a513864ec4daad00146e6d6e039559726e256fa3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/WeblateOrg/wlc/commit/a513864ec4daad00146e6d6e039559726e256fa3"
}
],
"source": {
"advisory": "GHSA-2mmv-7rrp-g8xh",
"discovery": "UNKNOWN"
},
"title": "wlc can skip SSL verification"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22250",
"datePublished": "2026-01-12T17:52:01.390Z",
"dateReserved": "2026-01-07T05:19:12.921Z",
"dateUpdated": "2026-01-12T18:07:33.376Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}