Cross-Site Scripting Vulnerability in Wikimedia Foundation CheckUser
CVE-2026-58034

NONE

Key Information:

Status
Vendor
CVE Published:
1 July 2026

What is CVE-2026-58034?

A Cross-Site Scripting (XSS) vulnerability has been identified in the CheckUser tool by the Wikimedia Foundation. This flaw arises due to improper neutralization of user input during the web page generation process. Specifically, it affects versions of CheckUser from 1.46.0-rc.0 up to, but not including, 1.46.0, with potential implications for user data security and integrity. Attackers could exploit this vulnerability to inject malicious scripts, which might compromise the security environment of the application.

Affected Version(s)

CheckUser 1.46.0-rc.0 < 1.46.0

References

CVSS V4

Score:
Severity:
NONE
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.