CVE-2026-22250

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification would be skipped for some crafted URLs. This vulnerability is fixed in 1.17.0.

CVSS v3 2.5 LOW

2.5^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/WeblateOrg/wlc/commit/a513864ec4daad00146e6d6e039559726e256fa3	Patch
https://github.com/WeblateOrg/wlc/pull/1097	Issue Tracking
https://github.com/WeblateOrg/wlc/security/advisories/GHSA-2mmv-7rrp-g8xh	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:weblate:wlc:*:*:*:*:*:*:*:*

History

27 Jan 2026, 20:37

Type	Values Removed	Values Added
References	~~() https://github.com/WeblateOrg/wlc/commit/a513864ec4daad00146e6d6e039559726e256fa3 -~~	() https://github.com/WeblateOrg/wlc/commit/a513864ec4daad00146e6d6e039559726e256fa3 - Patch
References	~~() https://github.com/WeblateOrg/wlc/pull/1097 -~~	() https://github.com/WeblateOrg/wlc/pull/1097 - Issue Tracking
References	~~() https://github.com/WeblateOrg/wlc/security/advisories/GHSA-2mmv-7rrp-g8xh -~~	() https://github.com/WeblateOrg/wlc/security/advisories/GHSA-2mmv-7rrp-g8xh - Third Party Advisory
CPE		cpe:2.3:a:weblate:wlc::::::::
First Time		Weblate wlc Weblate

12 Jan 2026, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-12 18:15

Updated : 2026-01-27 20:37

NVD link : CVE-2026-22250

Mitre link : CVE-2026-22250

CVE.ORG link : CVE-2026-22250

JSON object : View

Products Affected

weblate

CWE

CWE-295

Improper Certificate Validation

2.5 /10