GHSA-2mmv-7rrp-g8xh

Source

https://github.com/advisories/GHSA-2mmv-7rrp-g8xh

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-2mmv-7rrp-g8xh/GHSA-2mmv-7rrp-g8xh.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-2mmv-7rrp-g8xh

Aliases

CVE-2026-22250

Published

2026-01-12T16:13:33Z

Modified

2026-02-03T03:02:18.790123Z

Severity

2.5 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N CVSS Calculator

Summary

Weblate command-line client susceptible to SSL verification skip

Details

Impact

The SSL verification would be skipped for some crafted URLs.

Patches

https://github.com/WeblateOrg/wlc/pull/1097

Workarounds

Avoid using untrusted wlc configurations, as that might cause insecure connections.

References

This issue was reported to us by wh1zee via HackerOne.

Database specific

{
    "severity": "LOW",
    "cwe_ids": [
        "CWE-295"
    ],
    "github_reviewed_at": "2026-01-12T16:13:33Z",
    "github_reviewed": true,
    "nvd_published_at": "2026-01-12T18:15:49Z"
}

References

Affected packages

PyPI / wlc

Package

Name: wlc; View open source insights on deps.dev
Purl: pkg:pypi/wlc

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.17.0

Affected versions

0.*

0.0

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

0.10

1.*

1.0

1.1

1.2

1.3

1.4

1.5

1.6

1.7

1.8

1.9

1.10

1.11

1.12

1.13

1.14

1.15

1.16.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-2mmv-7rrp-g8xh/GHSA-2mmv-7rrp-g8xh.json"