File Inclusion Vulnerability in Wikimedia Foundation's MediaWiki Software
CVE-2026-34094

2LOW

Key Information:

Vendor: Wikimedia Foundation
Status: Mediawiki
Vendor: CVE Published:; 11 May 2026

🔔 Create Wikimedia Foundation Vulnerability Alert

What is CVE-2026-34094?

A file inclusion vulnerability exists in the Wikimedia Foundation's MediaWiki software that affects specific program files. This weakness, present in versions prior to 1.43.7, as well as 1.44.4 and 1.45.2, could potentially be exploited to manipulate application behavior or leak sensitive data. It is imperative for users to address this security issue by updating to the latest version to mitigate risks.

Affected Version(s)

MediaWiki * < 1.43.7, 1.44.4, 1.45.2

References

https://phabricator.wikimedia.org/T416090

CVSS V4

Score:

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 11, 2026
Vulnerability Reserved
Mar 25, 2026

CVE-2026-34094 Data

JSON