Authentication Bypass Vulnerability in Wikimedia Foundation's Mediawiki - WikiLambda Extension
CVE-2026-58517

6.9 MEDIUM

What is CVE-2026-58517?

An improper neutralization of input terminators vulnerability in the Wikimedia Foundation's Mediawiki - WikiLambda Extension permits attackers to bypass authentication mechanisms. This flaw exists in versions prior to 1.43.9, 1.44.6, and 1.45.4. If exploited, this vulnerability allows unauthorized access, posing a significant risk to data integrity and user confidentiality. Users are strongly advised to update to the latest versions to mitigate this security concern.

Affected Version(s)

Mediawiki - WikiLambda Extension: * < 1.43.9, 1.44.6, 1.45.4

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

SomeRandomDeveloper
Jdforrester-WMF