Description

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, wlc supported providing unscoped API keys in the setting. This practice was discouraged for years, but the code was never removed. This might cause the API key to be leaked to different servers.

INFO

Published Date :

2026-01-12T17:55:09.699Z

Last Modified :

2026-01-12T18:43:53.664Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-22251 vulnerability.

Vendors Products
Weblateorg
  • Wlc
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-22251.

URL Resource
https://github.com/WeblateOrg/wlc/commit/aafdb507a9e66574ade1f68c50c4fe75dbe80797 cve-icon cve-icon
https://github.com/WeblateOrg/wlc/pull/1098 cve-icon cve-icon
https://github.com/WeblateOrg/wlc/security/advisories/GHSA-9rp8-h4g8-8766 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact