Cross-Site Scripting Vulnerability in MediaWiki by Wikimedia Foundation
CVE-2026-58035

NONE

Key Information:

Status
Vendor
CVE Published:
1 July 2026

What is CVE-2026-58035?

An improper neutralization of input during web page generation in MediaWiki allows attackers to execute arbitrary JavaScript code in the context of authenticated users. This XSS vulnerability is particularly concerning as it can be exploited via specially crafted web pages, potentially impacting the confidentiality and integrity of user data. Developers and system administrators are advised to implement available patches and mitigate exposure by validating and sanitizing user inputs.

Affected Version(s)

MediaWiki 1.46.0-rc.0 < 1.46.0

References

CVSS V4

Score:
Severity:
NONE
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.