SQL Injection Vulnerability in Mediawiki Cargo Extension by Wikimedia Foundation
CVE-2026-58521
6.9MEDIUM
What is CVE-2026-58521?
The Mediawiki Cargo Extension developed by Wikimedia Foundation contains a vulnerability that allows for SQL injection attacks. This flaw arises from improper neutralization of special elements used in SQL commands. It impacts installations of Mediawiki Cargo Extension prior to versions 1.43.9, 1.44.6, and 1.45.4, enabling unauthorized users to manipulate SQL queries and potentially access sensitive data. Maintaining updated versions is essential for protecting against such security threats.
Affected Version(s)
Mediawiki - Cargo Extension * < 1.43.9,1.44.6,1.45.4
