CVE-2026-58036
LowCVSS 2.1Exploitation Probability (EPSS)
Low risk15th percentile — higher than 15% of all known CVEs
Summary
A vulnerability in MediaWiki allows unauthorized actors to access sensitive information through the files ApiQueryAllUsers.php, ApiQueryUsers.php, PermissionManager.php, and UserGroupManager.php.
Risk Assessment
The organization is at risk of user data leakage, such as permissions or group membership, which could lead to privilege escalation or confidentiality breaches.
Recommendation
It is recommended to immediately update MediaWiki to the latest patched version and restrict API access to untrusted entities.
Original NVD description (English source)
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryAllUsers.Php, includes/Api/ApiQueryUsers.Php, includes/Permissions/PermissionManager.Php, includes/User/UserGroupManager.Php.

