Home > Vulnerability Database > CVE-2026-22251

Mend.io Vulnerability Database

CVE-2026-22251

Good to know:

Date: January 12, 2026

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, wlc supported providing unscoped API keys in the setting. This practice was discouraged for years, but the code was never removed. This might cause the API key to be leaked to different servers.

Severity Score

5.3

Related Resources (6)

Url: https://github.com/WeblateOrg/wlc/commit/aafdb507a9e66574ade1f68c50c4fe75dbe80797

Url: https://github.com/WeblateOrg/wlc

Url: https://github.com/WeblateOrg/wlc/security/advisories/GHSA-9rp8-h4g8-8766

Url: https://nvd.nist.gov/vuln/detail/CVE-2026-22251

Url: https://github.com/WeblateOrg/wlc/pull/1098

Url: https://www.mend.io/vulnerability-database/CVE-2026-22251

Severity Score

5.3

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Insecure Storage of Sensitive Information

CWE-922

Top Fix

Upgrade Version

Upgrade to version wlc - 1.17.0;https://github.com/WeblateOrg/wlc.git - 1.17.0

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2026-22251

Good to know:

Date: January 12, 2026

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?