CVE-2026-58520
MediumCVSS 6.9Exploitation Probability (EPSS)
Low risk17th percentile — higher than 17% of all known CVEs
Summary
An open redirect vulnerability in the UrlShortener extension for MediaWiki allows Cross-Site Flashing attacks. Affected versions are before 1.43.9, 1.44.6, and 1.45.4.
Risk Assessment
An attacker can exploit this redirect to trick users into visiting malicious sites, potentially leading to data theft or malware installation.
Recommendation
Immediately update the UrlShortener extension to version 1.43.9, 1.44.6, or 1.45.4, depending on your MediaWiki branch.
Original NVD description (English source)
URL redirection to untrusted site ('open redirect') vulnerability in The Wikimedia Foundation Mediawiki - UrlShortener Extension allows Cross-Site Flashing. This issue affects Mediawiki - UrlShortener Extension: from * before 1.43.9, 1.44.6, 1.45.4.

