Security Vulnerability Report
CVE-2026-22250 CVSS 2.5 LOW


Published: 2026-01-12 18:15:49
Last Modified: 2026-01-27 20:37:11

Description

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, SSL/TLS certificate verification was skipped for some crafted URLs, so a client pointed at such a URL would accept an untrusted server certificate (CWE-295, Improper Certificate Validation). This vulnerability is fixed in 1.17.0.

CVSS Details

CVSS Score (GitHub advisory, secondary metric)
2.5
Severity
LOW
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N

CVSS Score (NVD analysis, primary metric)
5.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

The two scorers disagree on the impact, not on the bug: the GitHub advisory rates a low confidentiality impact with changed scope and high attack complexity, while NVD rates a high integrity impact with low complexity (a client that does not validate the server certificate can be fed attacker-controlled API responses). The headline 2.5 LOW on this page is the secondary (GitHub) score; NVD's own analysis rates it 5.5 MEDIUM.

Configurations (Affected Products)

cpe:2.3:a:weblate:wlc:*:*:*:*:*:*:*:* - VULNERABLE
wlc < 1.17.0
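The affected range is everything below the versionEndExcluding value 1.17.0 in the CPE match. The following check, added here as an example and not part of wlc or of this page, reads the installed wlc version with the standard library's importlib.metadata and decides whether it falls inside that range. The version parser is deliberately conservative: a pre-release of the fixed version (for example 1.17.0rc1) is still reported as affected, because only a release at or above 1.17.0 is known to carry the fix. The function names and the sample version strings in the usage are this example's own.

```python
"""Check whether an installed wlc falls in the affected range (< 1.17.0) of CVE-2026-22250."""
import re
from importlib import metadata

FIXED_VERSION = "1.17.0"  # versionEndExcluding from the NVD configuration


def parse_version(text):
    """Return (numeric tuple, is_prerelease) for strings like '1.16.2', '1.17', '1.17.0rc1'.

    Each dot-separated component contributes its leading integer; any trailing
    letters (rc1, dev, post) or a non-numeric component flag a pre-release.
    Missing trailing components count as 0, so '1.17' == '1.17.0'.
    """
    parts, prerelease = [], False
    for component in text.strip().split("."):
        m = re.match(r"(\d+)(.*)", component)
        if m is None:
            prerelease = True
            break
        parts.append(int(m.group(1)))
        if m.group(2):
            prerelease = True
            break
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts), prerelease


def is_affected(version):
    """True when version < 1.17.0, or is a pre-release of 1.17.0 itself."""
    base, prerelease = parse_version(version)
    fixed, _ = parse_version(FIXED_VERSION)
    return base < fixed or (base == fixed and prerelease)


def installed_wlc_status():
    """Return (version, affected) for the wlc in this interpreter, or (None, None) if absent."""
    try:
        version = metadata.version("wlc")
    except metadata.PackageNotFoundError:
        return None, None
    return version, is_affected(version)


if __name__ == "__main__":
    version, affected = installed_wlc_status()
    if version is None:
        print("wlc is not installed in this interpreter")
    elif affected:
        print(f"wlc {version} is affected by CVE-2026-22250; upgrade to >= {FIXED_VERSION}")
    else:
        print(f"wlc {version} is not affected (>= {FIXED_VERSION})")
```

Run it inside the same virtual environment that wlc is installed in; metadata.version reads the installed distribution, not a PATH lookup, so a wlc on PATH from another interpreter is not what gets checked.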

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
"""
CVE-2026-22250 PoC - wlc SSL Verification Bypass

Note: this is a conceptual demonstration for security research purposes only.
It does not invoke wlc and does not reproduce the crafted-URL condition; it
only simulates the effect of the bug (an HTTPS request made with certificate
verification disabled) by calling requests directly with verify=False.
"""
import requests
import urllib3

# Silence the InsecureRequestWarning that requests emits for verify=False
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)


def test_ssl_bypass():
    """
    Simulate the SSL verification bypass in wlc < 1.17.0.
    In the vulnerable versions, wlc skipped certificate verification for
    certain crafted URLs; verify=False below reproduces that client behaviour.
    """
    target_url = "https://malicious-weblate-server.example.com/api/"
    try:
        # Vulnerable behaviour: the request accepts whatever certificate the server presents
        response = requests.get(target_url, verify=False, timeout=10)
        print(f"[!] Request completed with certificate verification disabled. Status: {response.status_code}")
        print("[!] A correctly verifying client would reject an untrusted certificate here")
    except requests.exceptions.SSLError as e:
        print(f"[-] SSL error occurred: {e}")
    except Exception as e:
        print(f"[-] Request failed: {e}")


def demonstrate_mitm_attack():
    """
    Conceptual outline of a MITM attack that abuses the SSL bypass.
    In a real attack scenario:
    1. Attacker sets up a malicious Weblate server or intercepts traffic
    2. User with vulnerable wlc connects to the attacker's server
    3. wlc accepts the fake SSL certificate
    4. Attacker steals credentials/API keys
    """
    print("[*] Attack scenario for CVE-2026-22250:")
    print("[*] 1. Attacker controls a server or network path")
    print("[*] 2. User with wlc < 1.17.0 connects to Weblate server")
    print("[*] 3. wlc skips SSL verification for crafted URL")
    print("[*] 4. Attacker intercepts and steals credentials")
    print("[*] 5. Attacker can now access the real Weblate server")


if __name__ == "__main__":
    print("CVE-2026-22250 - wlc SSL Verification Bypass PoC")
    print("=" * 50)
    test_ssl_bypass()
    demonstrate_mitm_attack()

References

https://github.com/WeblateOrg/wlc/security/advisories/GHSA-2mmv-7rrp-g8xh (Third Party Advisory)
https://github.com/WeblateOrg/wlc/pull/1097 (Issue Tracking)
https://github.com/WeblateOrg/wlc/commit/a513864ec4daad00146e6d6e039559726e256fa3 (Patch)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-22250", "sourceIdentifier": "[email protected]", "published": "2026-01-12T18:15:49.307", "lastModified": "2026-01-27T20:37:11.263", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification would be skipped for some crafted URLs. This vulnerability is fixed in 1.17.0."}, {"lang": "es", "value": "wlc es un cliente de línea de comandos de Weblate que utiliza la API REST de Weblate. Antes de la versión 1.17.0, la verificación SSL se omitiría para algunas URL manipuladas. Esta vulnerabilidad está corregida en la versión 1.17.0."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N", "baseScore": 2.5, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 0.8, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-295"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:weblate:wlc:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.17.0", "matchCriteriaId": "B01083E5-842F-4D93-8069-D4578C071C90"}]}]}], "references": [{"url": "https://github.com/WeblateOrg/wlc/commit/a513864ec4daad00146e6d6e039559726e256fa3", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/WeblateOrg/wlc/pull/1097", "source": "[email protected]", "tags": ["Issue Tracking"]}, {"url": "https://github.com/WeblateOrg/wlc/security/advisories/GHSA-2mmv-7rrp-g8xh", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}