CVE-2026-58024
MediumCVSS 5.1Exploitation Probability (EPSS)
Low risk30th percentile — higher than 30% of all known CVEs
Summary
A vulnerability in MediaWiki allows an unauthorized actor to access sensitive information via the includes/Api/ApiUserrights.php file. The issue affects versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9.
Risk Assessment
The organization is at risk of leaking sensitive user data, potentially leading to privacy breaches and privilege escalation.
Recommendation
Immediately update MediaWiki to version 1.46.0, 1.45.4, 1.44.6, or 1.43.9 depending on the branch in use.
Original NVD description (English source)
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiUserrights.Php. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.

