CVE Catalog

CVE-2026-13706

UnknownCVSS 0.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile — higher than 20% of all known CVEs

Summary

An improper input validation vulnerability has been discovered in the Wikimedia Foundation UrlShortener library. The issue is located in the includes/UrlShortenerUtils.php file.

Risk Assessment

An attacker could exploit this flaw to manipulate URL shortening, potentially leading to redirects to malicious sites or other phishing attacks.

Recommendation

Immediately update the UrlShortener library to the latest patched version. Additionally, implement extra input validation in applications using this component.

Original NVD description (English source)

Improper input validation vulnerability in Wikimedia Foundation UrlShortener. This vulnerability is associated with program files includes/UrlShortenerUtils.Php.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS