Information Exposure Vulnerability in Wikimedia's OATHAuth Plugin
CVE-2026-34087

5.1MEDIUM

Key Information:

Vendor: Wikimedia Foundation
Status: Oathauth
Vendor: CVE Published:; 11 May 2026

🔔 Create Wikimedia Foundation Vulnerability Alert

What is CVE-2026-34087?

The vulnerability in the OATHAuth plugin allows unauthorized actors to gain access to sensitive information. This can lead to compromised user accounts and potential exploitation of additional vulnerabilities. It is important for users to upgrade to the latest versions to mitigate these risks. For details on the affected versions and to ensure your setup remains secure, refer to the latest patch releases.

Affected Version(s)

OATHAuth * < 1.43.7, 1.44.4, 1.45.2

References

https://phabricator.wikimedia.org/T412061

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 11, 2026
Vulnerability Reserved
Mar 25, 2026

CVE-2026-34087 Data

JSON