SSL Verification Bypass in Weblate Command-Line Client
CVE-2026-22250

2.5LOW

Key Information:

Vendor

Weblateorg

Status
Wlc
Vendor
CVE Published:
12 January 2026

What is CVE-2026-22250?

The wlc command-line client for Weblate, utilizing its REST API, exhibited a vulnerability where SSL verification could be bypassed for specially crafted URLs in versions prior to 1.17.0. This flaw could potentially expose users to security risks by allowing unverified connections. The issue has been addressed and fixed in version 1.17.0 to ensure secure communication.

Affected Version(s)

wlc < 1.17.0

References

https://github.com/WeblateOrg/wlc/security/advisories/GHS...
x_refsource_CONFIRM
https://github.com/WeblateOrg/wlc/pull/1097
x_refsource_MISC
https://github.com/WeblateOrg/wlc/commit/a513864ec4daad00...
x_refsource_MISC

CVSS V3.1

Score:
2.5
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.