CVE-2026-58031
UnknownCVSS 0.0Exploitation Probability (EPSS)
Low risk14th percentile — higher than 14% of all known CVEs
Summary
An XSS vulnerability in MediaWiki exists in the ApiSandboxLayout.Js file, allowing an attacker to inject malicious script into a page. The issue affects versions from 1.46.0-rc.0 before 1.46.0.
Risk Assessment
An attacker can exploit this vulnerability to steal user sessions, redirect to malicious sites, or perform other actions in the victim's context.
Recommendation
Immediately update MediaWiki to version 1.46.0 or later, which includes the fix.
Original NVD description (English source)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js. This issue affects MediaWiki: from 1.46.0-rc.0 before 1.46.0.

