Loop with Unreachable Exit Condition Vulnerability in MediaWiki GrowthExperiments Extension by Wikimedia Foundation
CVE-2026-39934

6.9MEDIUM

Key Information:

Vendor: The Wikimedia Foundation
Status: Mediawiki - Growthexperiments Extension
Vendor: CVE Published:; 7 April 2026

🔔 Create The Wikimedia Foundation Vulnerability Alert

What is CVE-2026-39934?

The MediaWiki GrowthExperiments Extension by Wikimedia Foundation is affected by a loop with an unreachable exit condition, leading to potential infinite loops. This vulnerability can also be exploited through Time-of-Check to Time-of-Use (TOCTOU) race conditions, which may disrupt standard operations. Affected versions include 1.45.2, 1.44.4, and 1.43.7. Immediate updates are recommended to ensure system integrity and security.

Affected Version(s)

Mediawiki - GrowthExperiments Extension 1.45.2

Mediawiki - GrowthExperiments Extension 1.44.4

Mediawiki - GrowthExperiments Extension 1.43.7

References

https://phabricator.wikimedia.org/T418222

https://gerrit.wikimedia.org/r/c/1243874

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2026
Vulnerability Reserved
Apr 7, 2026

Credit

Urbanecm_WMF

Michael

CVE-2026-39934 Data

JSON