Information Exposure Vulnerability in Wikimedia Foundation Echo Software
CVE-2026-5266

2.3LOW

Key Information:

Vendor: Wikimedia Foundation
Status: Echo
Vendor: CVE Published:; 11 May 2026

🔔 Create Wikimedia Foundation Vulnerability Alert

What is CVE-2026-5266?

A vulnerability in the Wikimedia Foundation's Echo product allows for the unintentional exposure of sensitive information to unauthorized actors. This issue specifically affects certain versions of the Echo software where sensitive data may be accessible through the program files, including Api/ApiEchoNotifications.php. Users operating versions prior to 1.43.7, as well as versions 1.44.4 and 1.45.2, are at risk and should consider upgrading to the latest release to ensure their data remains secure.

Affected Version(s)

Echo * < 1.43.7, 1.44.4, 1.45.2

References

https://phabricator.wikimedia.org/T420154

CVSS V4

Score:

2.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 11, 2026
Vulnerability Reserved
Mar 31, 2026

CVE-2026-5266 Data

JSON