Cross-Site Scripting Vulnerability in MediaWiki by Wikimedia Foundation
CVE-2026-58028

Key Information:

Vendor
CVE Published: 1 July 2026

What is CVE-2026-58028?

CVE-2026-58028 is a Cross-Site Scripting (XSS) vulnerability in MediaWiki and CentralAuth caused by improper neutralization of user input. An attacker can exploit it to inject malicious scripts into web pages viewed by other users, potentially compromising sensitive data or hijacking user sessions. The affected components include various API files and hooks, so installations running the affected versions should be updated promptly.

Affected Version(s)

CentralAuth * < 1.46.0, 1.45.4, 1.44.6, 1.43.9

MediaWiki * < 1.46.0, 1.45.4, 1.44.6, 1.43.9

CVSS V4

Score:
Severity: NONE
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
