CVE Catalog

CVE-2026-58029

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.54%

42th percentile — higher than 42% of all known CVEs

Summary

A vulnerability in MediaWiki allows an attacker to manipulate authentication data through API files and special pages. It affects versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9.

Risk Assessment

An attacker can unauthorizedly modify or remove user authentication data, leading to account takeover and system integrity compromise.

Recommendation

Immediately update MediaWiki to version 1.46.0, 1.45.4, 1.44.6, or 1.43.9 depending on the branch in use.

Original NVD description (English source)

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiChangeAuthenticationData.Php, includes/Api/ApiLinkAccount.Php, includes/Api/ApiRemoveAuthenticationData.Php, includes/Specials/SpecialLinkAccounts.Php, includes/Specials/SpecialUnlinkAccounts.Php. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS