CVE Catalog

CVE-2026-58027

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.38%

30th percentile — higher than 30% of all known CVEs

Summary

A vulnerability in the Wikimedia Foundation AbuseFilter extension allows an unauthorized actor to access sensitive information. The issue is located in the file includes/Api/QueryAbuseFilters.php.

Risk Assessment

The organization is at risk of leaking confidential data related to abuse filters, which could lead to user privacy breaches or exposure of internal security rules.

Recommendation

Immediately update AbuseFilter to version 1.46.0, 1.45.4, 1.44.6, or 1.43.9 depending on the branch in use.

Original NVD description (English source)

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/Api/QueryAbuseFilters.Php. This issue affects AbuseFilter: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS