Information Exposure in Wikimedia Foundation MediaWiki
CVE-2026-34092

2.1LOW

Key Information:

Vendor: Wikimedia Foundation
Status: Mediawiki
Vendor: CVE Published:; 11 May 2026

🔔 Create Wikimedia Foundation Vulnerability Alert

What is CVE-2026-34092?

A vulnerability in Wikimedia Foundation's MediaWiki can lead to unauthorized exposure of sensitive information. This issue is linked to the program files found in includes/Skin/Skin.php, which may allow attackers to access confidential data if the appropriate security measures are not in place. Affected versions of MediaWiki include those prior to 1.43.7 and the specific versions 1.44.4 and 1.45.2. Users are strongly advised to update to the latest versions to mitigate the risk of exploitation.

Affected Version(s)

MediaWiki * < 1.43.7, 1.44.4, 1.45.2

References

https://phabricator.wikimedia.org/T384147

CVSS V4

Score:

2.1

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 11, 2026
Vulnerability Reserved
Mar 25, 2026

CVE-2026-34092 Data

JSON