CVE Catalog

CVE-2026-58517

MediumCVSS 6.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.34%

26th percentile — higher than 26% of all known CVEs

Summary

A vulnerability in the WikiLambda extension for MediaWiki allows authentication bypass due to improper neutralization of input terminators. The issue affects versions before 1.43.9, 1.44.6, and 1.45.4.

Risk Assessment

An attacker can bypass authentication mechanisms, gaining unauthorized access to extension features, potentially leading to data confidentiality and integrity breaches.

Recommendation

Immediately update the WikiLambda extension to version 1.43.9, 1.44.6, or 1.45.4 depending on the MediaWiki branch in use.

Original NVD description (English source)

Improper neutralization of input terminators vulnerability in The Wikimedia Foundation Mediawiki - WikiLambda Extension allows Authentication Bypass. This issue affects Mediawiki - WikiLambda Extension: from * before 1.43.9,1.44.6,1.45.4.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS