Platform
python
Component
wlc
Fixed in
1.17.1
1.17.0
CVE-2026-22250 describes an SSL verification bypass vulnerability in Weblate CLI versions up to 1.9. An attacker could potentially exploit this to establish insecure connections by providing crafted URLs. The vulnerability was reported by wh1zee via HackerOne and has been addressed in version 1.17.0.
The core of this vulnerability lies in the improper handling of SSL verification within the Weblate CLI. An attacker can craft malicious URLs that bypass the standard SSL certificate validation process. This allows them to connect to servers using self-signed certificates or certificates from untrusted Certificate Authorities without proper verification. While the CVSS score is LOW, the potential impact is significant if the attacker can leverage this to intercept sensitive data transmitted over the connection or impersonate legitimate users. This could lead to unauthorized access and data breaches, particularly in environments where Weblate CLI is used to manage translations or other sensitive content.
This vulnerability was reported by wh1zee via HackerOne and publicly disclosed on 2026-01-12. There are currently no known public proof-of-concept exploits available. The CVSS score of 2.5 indicates a low probability of exploitation, but the potential impact warrants attention. It is not currently listed on the CISA KEV catalog.
Organizations and individuals using Weblate CLI for automated translation workflows, particularly those relying on external or untrusted URL sources for connection configuration, are at risk. Legacy Weblate CLI installations running versions prior to 1.17.0 are also vulnerable.
• python / cli: Inspect Weblate CLI configuration files for suspicious URLs or connections to untrusted hosts.
• python / cli: Monitor Weblate CLI logs for SSL verification errors or unusual connection attempts.
• generic web: Check for unusual network traffic patterns originating from Weblate CLI processes.
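The first detection item above can be scripted. The following audit is an added example, not part of the advisory or of the wlc project: it assumes the wlc `.weblate` INI layout (a `[weblate]` section with a `url` option and a `[keys]` section mapping API URLs to keys), and the trusted-host allowlist and the sample config are constructed for illustration.

```python
"""Audit wlc (Weblate CLI) .weblate config files for untrusted or odd API URLs."""
import configparser
from urllib.parse import urlsplit

# Constructed allowlist: the only Weblate API hosts this deployment should use.
TRUSTED_HOSTS = {"hosted.weblate.org", "weblate.internal.example"}

# Constructed sample config in the assumed wlc INI layout; keys are placeholders.
SAMPLE_CONFIG = """\
[weblate]
url = https://hosted.weblate.org/api/

[keys]
https://hosted.weblate.org/api/ = CONSTRUCTED_KEY_1
http://translate.untrusted.example/api/ = CONSTRUCTED_KEY_2
"""


def check_url(url: str, trusted=TRUSTED_HOSTS) -> list[str]:
    """Return findings for one configured API URL (an empty list means clean)."""
    findings = []
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        findings.append(f"non-https scheme {parts.scheme!r}")
    if parts.username or parts.password:
        findings.append("credentials embedded in URL")
    if parts.query or parts.fragment:
        findings.append("unexpected query/fragment in API URL")
    host = (parts.hostname or "").lower()
    if host not in trusted:
        findings.append(f"host {host!r} not in allowlist")
    return findings


def audit_config(text: str, trusted=TRUSTED_HOSTS) -> dict[str, list[str]]:
    """Parse a .weblate config and map every configured URL to its findings."""
    # '=' only: the default ':' delimiter would split 'https://...' keys.
    cfg = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cfg.optionxform = str  # keep URL option names case-sensitive
    cfg.read_string(text)
    urls = []
    if cfg.has_option("weblate", "url"):
        urls.append(cfg.get("weblate", "url"))
    if cfg.has_section("keys"):
        urls.extend(cfg.options("keys"))
    return {u: check_url(u, trusted) for u in urls}


if __name__ == "__main__":
    for url, findings in audit_config(SAMPLE_CONFIG).items():
        print(f"{url}: {'OK' if not findings else '; '.join(findings)}")
```

Run it against each user's `~/.config/weblate` and project-level `.weblate` files; any non-empty finding is a configuration to review by hand.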
disclosure
Exploit status
EPSS
0.01% (0% percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-22250 is to upgrade Weblate CLI to version 1.17.0 or later, which includes the fix for the SSL verification bypass. If upgrading is not immediately feasible, a temporary workaround is to strictly avoid using untrusted Weblate CLI configurations. This means carefully reviewing and validating any custom configurations or URLs used by the CLI. Consider implementing network-level controls, such as a proxy or WAF, to inspect and filter traffic to and from the Weblate CLI, although this is not a direct mitigation. After upgrading, confirm the fix by attempting to connect to a server with a self-signed certificate and verifying that the connection fails with an appropriate SSL verification error.
Update the `wlc` package to version 1.17.0 or later. This can be done with the pip package manager using the command `pip install --upgrade wlc`. Make sure to verify that the update was successful.
CVE-2026-22250 is a LOW severity vulnerability in Weblate CLI versions 1.9 and earlier that allows attackers to bypass SSL verification for crafted URLs, potentially leading to insecure connections.
You are affected if you are using Weblate CLI versions 1.9 or earlier. Upgrade to version 1.17.0 or later to mitigate the vulnerability.
Upgrade Weblate CLI to version 1.17.0 or later. As a temporary workaround, avoid using untrusted Weblate CLI configurations.
There is no current evidence of CVE-2026-22250 being actively exploited, but it is important to apply the fix to prevent potential future attacks.
Refer to the Weblate GitHub pull request: https://github.com/WeblateOrg/wlc/pull/1097 for details and the fix.