CVE Catalog

CVE-2026-14363

MediumCVSS 6.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.26%

17th percentile — higher than 17% of all known CVEs

Summary

An SQL injection vulnerability in the Cargo extension for MediaWiki allows an attacker to inject malicious SQL code. The issue affects versions before 1.43.9, 1.44.6, and 1.45.4.

Risk Assessment

An attacker can gain unauthorized access to the database, steal or modify data, leading to a breach of confidentiality and integrity of the system.

Recommendation

Immediately update the Cargo extension to version 1.43.9, 1.44.6, or 1.45.4 depending on the MediaWiki branch in use.

Original NVD description (English source)

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows SQL Injection. This issue affects Mediawiki - Cargo Extension: from * before 1.43.9,1.44.6,1.45.4.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS