SQL Injection Vulnerability in Mediawiki Cargo Extension by Wikimedia Foundation
CVE-2026-58521

6.9 MEDIUM

What is CVE-2026-58521?

The Mediawiki Cargo Extension developed by Wikimedia Foundation contains a vulnerability that allows for SQL injection attacks. This flaw arises from improper neutralization of special elements used in SQL commands. It impacts installations of Mediawiki Cargo Extension prior to versions 1.43.9, 1.44.6, and 1.45.4, enabling unauthorized users to manipulate SQL queries and potentially access sensitive data. Maintaining updated versions is essential for protecting against such security threats.

Affected Version(s)

Mediawiki - Cargo Extension * < 1.43.9, 1.44.6, 1.45.4

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Andmcadams