Resource Leak Exposure in Wikimedia Mediawiki CentralAuth Extension
CVE-2026-39937

8.8HIGH

Key Information:

Vendor: The Wikimedia Foundation
Status: Mediawiki - Centralauth Extension
Vendor: CVE Published:; 7 April 2026

🔔 Create The Wikimedia Foundation Vulnerability Alert

What is CVE-2026-39937?

The Wikimedia Foundation Mediawiki CentralAuth Extension has a vulnerability that permits improper handling of sensitive information before it is stored or transferred. This flaw can lead to resource leak exposure, potentially exposing confidential data. The issue impacts non-release branches of the CentralAuth Extension, urging users to ensure they are using secured and updated versions.

Affected Version(s)

Mediawiki - CentralAuth Extension 1.43.7

Mediawiki - CentralAuth Extension 1.44.4

Mediawiki - CentralAuth Extension 1.45.2

References

https://phabricator.wikimedia.org/T418122

https://gerrit.wikimedia.org/r/q/I0b72427fa329aee85841a2c...

CVSS V4

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2026
Vulnerability Reserved
Apr 7, 2026

Credit

Urbanecm

kostajh

CVE-2026-39937 Data

JSON