Deserialization of Untrusted Data Vulnerability in Wikimedia MediaWiki
CVE-2026-58025

5.9 MEDIUM

Key Information:

Status
Vendor
CVE Published: 1 July 2026

What is CVE-2026-58025?

A deserialization of untrusted data vulnerability has been identified in Wikimedia Foundation's MediaWiki, associated with components such as includes/Import/WikiImporter.php, includes/Import/WikiRevision.php, and includes/Logging/LogEntryBase.php. The issue allows an attacker to manipulate objects during deserialization, which could lead to unauthorized operations and loss of integrity within the application. Systems running versions earlier than 1.46.0, including 1.45.4, 1.44.6, and 1.43.9, are particularly at risk and should be updated to mitigate potential exploitation.

Affected Version(s)

MediaWiki * < 1.46.0, 1.45.4, 1.44.6, 1.43.9

CVSS V4

Score: 5.9
Severity: MEDIUM
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: High
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
