{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-15T22:13:05.924","vulnerabilities":[{"cve":{"id":"CVE-2026-22251","sourceIdentifier":"security-advisories@github.com","published":"2026-01-12T18:15:49.457","lastModified":"2026-01-27T20:35:05.300","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, wlc supported providing unscoped API keys in the setting. This practice was discouraged for years, but the code was never removed. This might cause the API key to be leaked to different servers."},{"lang":"es","value":"wlc es un cliente de línea de comandos de Weblate que utiliza la API REST de Weblate. Antes de la versión 1.17.0, wlc admitía proporcionar claves de API sin ámbito en la configuración. Esta práctica fue desaconsejada durante años, pero el código nunca fue eliminado. Esto podría causar que la clave de API se filtre a diferentes servidores."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":4.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:weblate:wlc:*:*:*:*:*:*:*:*","versionEndExcluding":"1.17.0","matchCriteriaId":"B01083E5-842F-4D93-8069-D4578C071C90"}]}]}],"references":[{"url":"https://github.com/WeblateOrg/wlc/commit/aafdb507a9e66574ade1f68c50c4fe75dbe80797","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/WeblateOrg/wlc/pull/1098","source":"security-advisories@github.com","tags":["Issue Tracking"]},{"url":"https://github.com/WeblateOrg/wlc/security/advisories/GHSA-9rp8-h4g8-8766","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}