Open Redirect Vulnerability in Wikimedia Foundation's Mediawiki - UrlShortener Extension
CVE-2026-58520

6.9 MEDIUM

What is CVE-2026-58520?

A vulnerability exists in the Mediawiki - UrlShortener Extension that allows URL redirection to untrusted sites. This open redirect flaw could potentially be exploited to facilitate cross-site flashing attacks. Users of versions prior to 1.43.9, 1.44.6, and 1.45.4 should be aware of the associated risk and consider updating to mitigate this vulnerability. For more information, refer to the official documentation on Phabricator and Gerrit.

Affected Version(s)

Mediawiki - UrlShortener Extension * < 1.43.9, 1.44.6, 1.45.4

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Krinkle
DAlangi_WMF