CVE-2026-22251

Medium CVSS: 5.3

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, wlc supported providing unscoped API keys in the setting. This practice was discouraged for years, but the code was never removed. This might cause the API key to be leaked to different servers.

Vendor

Weblate

Product

Wlc

CWE

CWE-200

Yayın Tarihi

2026-01-12 18:15:49

Güncelleme

2026-01-27 20:35:05

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-200 Wlc MEDIUM Weblate 2026

Referanslar

https://github.com/WeblateOrg/wlc/commit/aafdb507a9e66574ade1f68c50c4fe75dbe80797 https://github.com/WeblateOrg/wlc/pull/1098 https://github.com/WeblateOrg/wlc/security/advisories/GHSA-9rp8-h4g8-8766

Benzer Kayıtlar

Medium

CVE-2026-27457

Weblate is a web based localization tool. Prior to version 5.16.1, the REST API's `AddonViewSet` (`weblate/api/views.py`…

Medium

CVE-2026-24126

Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input…

High

CVE-2026-23535

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.2, the multi-translation download could wri…

Low

CVE-2026-21889

Weblate is a web based localization tool. Prior to 5.15.2, the screenshot images were served directly by the HTTP server…

Low

CVE-2026-22250

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification would be skipped fo…

Critical

CVE-2025-68398

Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration re…