Cross-Site Scripting Vulnerability in MediaWiki by Wikimedia Foundation
CVE-2026-58028
NONE
What is CVE-2026-58028?
CVE-2026-58028 is a Cross-Site Scripting (XSS) vulnerability in MediaWiki and CentralAuth caused by improper neutralization of user input. Attackers can exploit this flaw to inject malicious scripts into web pages viewed by other users, potentially compromising sensitive data or hijacking user sessions. The affected components include various API files and hooks. Updating from the affected versions promptly mitigates the risk.
Affected Version(s)
CentralAuth * < 1.46.0, 1.45.4, 1.44.6, 1.43.9
MediaWiki * < 1.46.0, 1.45.4, 1.44.6, 1.43.9
