Cross-Site Request Forgery in Wikimedia Foundation's Mediawiki RedirectManager Extension
CVE-2026-58518

6.9MEDIUM

What is CVE-2026-58518?

A Cross-Site Request Forgery (CSRF) vulnerability exists within the RedirectManager Extension of the Mediawiki platform, allowing attackers to execute unauthorized actions on behalf of authenticated users. This flaw affects versions prior to 1.3.3, enabling potential security breaches where malicious actors could manipulate users into unknowingly submitting requests, compromising system integrity.

Affected Version(s)

Mediawiki - RedirectManager Extension * < 1.3.3

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

SomeRandomDeveloper
.