What is CVE-2026-22250?

CVE-2026-22250 is a low-severity vulnerability in Weblateorg Wlc, classified under Improper Certificate Validation. CVSS score: 2.5/10. Published 2026-01-12.

How severe is CVE-2026-22250?

Low severity. CVSS v3 base score is 2.5 out of 10.

Vulnerability in Weblateorg Wlc

CVE-2026-22250

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification would be skipped for some crafted URLs. This vulnerability is fixed in 1.17.0.

Vulnerability class: Improper Certificate Validation

EPSS: 0.000 (0.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 2.5 (Low). Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N.

Affected products

Weblateorg Wlc — versions < 1.17.0

Weakness classification (CWE)

CWE-295 — Improper Certificate Validation

References

https://github.com/WeblateOrg/wlc/security/advisories/GHSA-2mmv-7rrp-g8xh (x_refsource_CONFIRM)
https://github.com/WeblateOrg/wlc/pull/1097 (x_refsource_MISC)
https://github.com/WeblateOrg/wlc/commit/a513864ec4daad00146e6d6e039559726e256fa3 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-22250?: CVE-2026-22250 is a low-severity vulnerability in Weblateorg Wlc, classified under Improper Certificate Validation. CVSS score: 2.5/10. Published 2026-01-12.
How severe is CVE-2026-22250?: Low severity. CVSS v3 base score is 2.5 out of 10.