Deserialization of Untrusted Data Vulnerability in Wikimedia MediaWiki
CVE-2026-58025
5.9 MEDIUM
What is CVE-2026-58025?
A deserialization of untrusted data vulnerability has been identified in Wikimedia Foundation's MediaWiki, linked to components such as includes/Import/WikiImporter.php, includes/Import/WikiRevision.php, and includes/Logging/LogEntryBase.php. The issue allows attackers to manipulate objects during deserialization, which could lead to unauthorized operations and loss of integrity within the application. Systems running versions earlier than 1.46.0, including 1.45.4, 1.44.6, and 1.43.9, are particularly at risk and should be updated to mitigate potential exploitation.
Affected Version(s)
MediaWiki * < 1.46.0, 1.45.4, 1.44.6, 1.43.9
