CVE Catalog

CVE-2026-58034

UnknownCVSS 0.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

16th percentile — higher than 16% of all known CVEs

Summary

A Cross-Site Scripting (XSS) vulnerability in the Wikimedia Foundation CheckUser extension due to improper input neutralization during page generation. The issue is located in Vue module files related to temporary accounts.

Risk Assessment

An attacker can inject malicious scripts, leading to session theft, account takeover, or user data leakage.

Recommendation

Immediately update the CheckUser extension to version 1.46.0 or later, which includes the fix.

Original NVD description (English source)

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser.TempAccounts/components/blockConnectedTempAccountsField.Vue. This issue affects CheckUser: from 1.46.0-rc.0 before 1.46.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS