Weblate wlc Command-Line Client SSL Verification Vulnerability

Vulnerability

A vulnerability in the Weblate command-line client, wlc, prior to version 1.17.0, allowed SSL verification to be skipped for certain crafted URLs. Connections made this way bypass the security checks on SSL certificates and are therefore insecure.

Impact

Exploitation of this vulnerability results in SSL verification being improperly skipped. The resulting connections are insecure and could be exploited in man-in-the-middle attacks.

Reproduction

The vulnerability can be reproduced with a version of the wlc command-line client prior to 1.17.0 by providing a crafted URL whose hostname starts with '127.0.0.1'. Such a hostname is incorrectly treated as a localhost address, so SSL verification is bypassed.
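The following added example, which is not wlc's own code, contrasts the prefix-match pattern described above with a check that parses the host as an IP literal, and lists which URLs the two classify differently. The function names and sample URLs are constructed for illustration, and the strict variant assumes the policy of exempting loopback addresses from verification is kept.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample URLs (reserved .test names, not taken from the advisory).
SAMPLE_URLS = [
    "http://127.0.0.1:8000/api/",
    "https://[::1]/api/",
    "https://127.0.0.1.example.test/api/",
    "https://weblate.example.test/api/",
]


def skip_verify_prefix(url: str) -> bool:
    """Flawed pattern: treat any hostname that starts with 127.0.0.1 as local."""
    host = urlsplit(url).hostname or ""
    return host.startswith("127.0.0.1")


def skip_verify_strict(url: str) -> bool:
    """Hardened pattern: the host must parse as an IP literal in a loopback range."""
    host = urlsplit(url).hostname or ""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        # Not an IP literal (a DNS name), so it is never treated as local.
        return False


def misclassified(urls):
    """URLs the prefix check exempts from verification but the strict check does not."""
    return [u for u in urls if skip_verify_prefix(u) and not skip_verify_strict(u)]


if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(f"{url:40} prefix={skip_verify_prefix(url)} strict={skip_verify_strict(url)}")
    print("misclassified:", misclassified(SAMPLE_URLS))
```

Running `misclassified` over the URLs stored in client configuration shows which entries would have had verification skipped under a prefix match.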

Remediation

Users can upgrade to wlc version 1.17.0 or later, where this vulnerability has been fixed.

Added: Jan 12, 2026, 6:19 PM
Updated: Jan 12, 2026, 6:19 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 4.3
remediation: 7.7
relevance: 2.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.