CVE-2026-58029
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk42th percentile — higher than 42% of all known CVEs
Summary
A vulnerability in MediaWiki allows an attacker to manipulate authentication data through API files and special pages. It affects versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9.
Risk Assessment
An attacker can unauthorizedly modify or remove user authentication data, leading to account takeover and system integrity compromise.
Recommendation
Immediately update MediaWiki to version 1.46.0, 1.45.4, 1.44.6, or 1.43.9 depending on the branch in use.
Original NVD description (English source)
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiChangeAuthenticationData.Php, includes/Api/ApiLinkAccount.Php, includes/Api/ApiRemoveAuthenticationData.Php, includes/Specials/SpecialLinkAccounts.Php, includes/Specials/SpecialUnlinkAccounts.Php. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.

