CVE-2026-22250

low-risk

Published 2026-01-12

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification would be skipped for some crafted URLs. This vulnerability is fixed in 1.17.0.

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 2.5/10 Low

LOCAL / HIGH complexity

Affected Products (1)

Wlc

Affected Vendors

Weblate

References (3)

Patch https://github.com/WeblateOrg/wlc/commit/a513864ec4daad00146e6d6e039559726e256fa...

Issue Tracking https://github.com/WeblateOrg/wlc/pull/1097

Third Party Advisory https://github.com/WeblateOrg/wlc/security/advisories/GHSA-2mmv-7rrp-g8xh

/ 100

low-risk

Severity 6/34 · Minimal

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal