GHSA-2mmv-7rrp-g8xh

Опубликовано: 12 янв. 2026

Источник: github

Github: Прошло ревью

CVSS3: 2.5

Описание

Weblate command-line client susceptible to SSL verification skip

Impact

The SSL verification would be skipped for some crafted URLs.

Patches

https://github.com/WeblateOrg/wlc/pull/1097

Workarounds

Avoid using untrusted wlc configurations, as that might cause insecure connections.

References

This issue was reported to us by wh1zee via HackerOne.

Ссылки

Пакеты

Наименование

wlc

pip

Затронутые версииВерсия исправления

< 1.17.0

1.17.0

EPSS

Процентиль: 1%

0.00011

Низкий

2.5 Low

CVSS3

CVE ID

CVE-2026-22250

Дефекты

CWE-295

Связанные уязвимости

CVE-2026-22250

CVSS3: 2.5

ubuntu

8 дней назад

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification would be skipped for some crafted URLs. This vulnerability is fixed in 1.17.0.

CVE-2026-22250

CVSS3: 2.5

nvd

8 дней назад

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification would be skipped for some crafted URLs. This vulnerability is fixed in 1.17.0.

CVE-2026-22250

CVSS3: 2.5

debian

8 дней назад

wlc is a Weblate command-line client using Weblate's REST API. Prior t ...

EPSS

Процентиль: 1%

0.00011

Низкий

2.5 Low

CVSS3

CVE ID

CVE-2026-22250

Дефекты

CWE-295