CNNVD-202601-2758 Information

Jan 16, 2026 cve

CNNVD ID

CNNVD-202601-2758

CVE-2026-23535

  • CNNVD Published: 2026-01-16

Description (Chinese)

wlc是Weblate开源的一个命令行客户端。 wlc 1.17.2之前版本存在路径遍历漏洞,该漏洞源于多翻译下载功能可能根据特制服务器的指令写入任意位置。

Description (English)

wlc is a command line client of the Weblate Open Source. Wlc 1.17.2 has a path-to-penetrating loophole, which stems from multiple-translation downloads that may be written to any location according to a command from a special server.

Hazard Level

Medium

Vulnerability Type

路径遍历

Affected Vendor

Weblate

Published

2026-01-16

Last Modified

2026-02-24

References

https://github.com/WeblateOrg/wlc/commit/216e691c6e50abae97fe2e4e4f21501bf49a585f https://github.com/WeblateOrg/wlc/pull/1128 https://github.com/WeblateOrg/wlc/releases/tag/1.17.2 https://github.com/WeblateOrg/wlc/security/advisories/GHSA-mmwx-79f6-67jg https://access.redhat.com/security/cve/cve-2026-23535

Patch

https://github.com/WeblateOrg/wlc/releases

Share on: