CVE-2026-58517
MediumCVSS 6.9Exploitation Probability (EPSS)
Low risk26th percentile — higher than 26% of all known CVEs
Summary
A vulnerability in the WikiLambda extension for MediaWiki allows authentication bypass due to improper neutralization of input terminators. The issue affects versions before 1.43.9, 1.44.6, and 1.45.4.
Risk Assessment
An attacker can bypass authentication mechanisms, gaining unauthorized access to extension features, potentially leading to data confidentiality and integrity breaches.
Recommendation
Immediately update the WikiLambda extension to version 1.43.9, 1.44.6, or 1.45.4 depending on the MediaWiki branch in use.
Original NVD description (English source)
Improper neutralization of input terminators vulnerability in The Wikimedia Foundation Mediawiki - WikiLambda Extension allows Authentication Bypass. This issue affects Mediawiki - WikiLambda Extension: from * before 1.43.9,1.44.6,1.45.4.

