PatchSiren

Wikimedia Foundation CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

NONE Wikimedia Foundation CVE published 2026-07-01

CVE-2026-8857

A vulnerability in Wikimedia Foundation timeline affects Mediawiki versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. This issue is associated with program files scripts/EasyTimeline.Pl and includes/Timeline.Php. The vulnerability has a CVSS severity of NONE and a CVSS score that is not provided. Users of affected Mediawiki versions should be aware of this vulnerability and take necessary defensive actio [truncated]

NONE Wikimedia Foundation CVE published 2026-07-01

CVE-2026-58038

CVE-2026-58038 is an Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability affecting MediaWiki timeline. The issue impacts versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. This vulnerability allows for cross-site scripting (XSS) attacks due to improper neutralization of input during web page generation. Users of MediaWiki timeline, particularly those [truncated]

NONE Wikimedia Foundation CVE published 2026-07-01

CVE-2026-58037

The CVE record for CVE-2026-58037 was published on 2026-07-01T16:16:51.063Z and has not been modified since then. This Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability affects MediaWiki versions from before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. The issue is associated with several program files, including includes/Language/Language.Php, includes/Loggi [truncated]

LOW Wikimedia Foundation CVE published 2026-07-01

CVE-2026-58036

A vulnerability in MediaWiki, specifically in the includes/Api/ApiQueryAllUsers.Php, includes/Api/ApiQueryUsers.Php, includes/Permissions/PermissionManager.Php, and includes/User/UserGroupManager.Php program files, could allow an unauthorized actor to access sensitive information. This Exposure of Sensitive Information to an Unauthorized Actor vulnerability has a CVSS score of 2.1, indicating a low severi [truncated]

MEDIUM Wikimedia Foundation CVE published 2026-07-01

CVE-2026-58032

CVE-2026-58032 is an Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. The issue affects MediaWiki versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. This vulnerability can be exploited by attackers with permission to edit pages, potentially leading to cross-site scripting (XSS) attacks. Users of MediaWiki, especia [truncated]

MEDIUM Wikimedia Foundation CVE published 2026-07-01

CVE-2026-58030

The CVE-2026-58030 vulnerability is an Improper Neutralization of Input During Web Page Generation (XSS) issue affecting Mediawiki SyntaxHighlight_GeSHi. This vulnerability has a CVSS score of 5.3 and a severity of MEDIUM. It impacts versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. Users of these versions should review and apply patches to prevent XSS attacks. The vulnerability is associated with progr [truncated]

MEDIUM Wikimedia Foundation CVE published 2026-07-01

CVE-2026-58029

A vulnerability was discovered in MediaWiki, affecting versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. This issue is associated with multiple program files, including includes/Api/ApiChangeAuthenticationData.Php, includes/Api/ApiLinkAccount.Php, includes/Api/ApiRemoveAuthenticationData.Php, includes/Specials/SpecialLinkAccounts.Php, and includes/Specials/SpecialUnlinkAccounts.Php. The vulnerability is [truncated]

NONE Wikimedia Foundation CVE published 2026-07-01

CVE-2026-58028

The CVE record for CVE-2026-58028 was published on 2026-07-01T16:16:50.077Z and has not been modified since then. This vulnerability affects MediaWiki and CentralAuth versions prior to 1.46.0, 1.45.4, 1.44.6, and 1.43.9, allowing for XSS attacks due to improper neutralization of input during web page generation. Users of these versions should apply patches to prevent potential attacks.

MEDIUM Wikimedia Foundation CVE published 2026-07-01

CVE-2026-58027

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-01T16:16:49.947Z and has not been modified since then. The NVD entry is currently Analyzed. This Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter affects versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. The vulnerability has a CVSS score [truncated]

MEDIUM Wikimedia Foundation CVE published 2026-07-01

CVE-2026-58025

A deserialization of untrusted data vulnerability was found in MediaWiki, affecting versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. This issue is associated with program files includes/Import/WikiImporter.Php, includes/Import/WikiRevision.Php, and includes/Logging/LogEntryBase.Php. The vulnerability is caused by the deserialization of untrusted data in MediaWiki. This could allow an attacker to execut [truncated]

NONE Wikimedia Foundation CVE published 2026-07-01

CVE-2026-13706

CVE-2026-13706 is an improper input validation vulnerability in Wikimedia Foundation UrlShortener. The CVE record was published on 2026-07-01T16:16:31.617Z and has not been modified since then. The NVD entry is currently Analyzed. This vulnerability is associated with program files includes/UrlShortenerUtils.Php. It has been categorized under CWE-20. The CVSS score is not provided, but the CVSS vector is [truncated]

NONE Wikimedia Foundation CVE published 2026-07-01

CVE-2026-58035

CVE-2026-58035 is an Improper Neutralization of Input During Web Page Generation (XSS) vulnerability in MediaWiki, a popular open-source wiki software. The vulnerability is associated with program files resources/src/mediawiki.Special.Block/SpecialBlock.Vue. This type of vulnerability allows attackers to inject malicious scripts into web pages, potentially leading to unauthorized actions or data theft. Us [truncated]

NONE Wikimedia Foundation CVE published 2026-07-01

CVE-2026-58034

CVE-2026-58034 is an Improper Neutralization of Input During Web Page Generation (XSS) vulnerability in Wikimedia Foundation CheckUser. This issue affects CheckUser: from 1.46.0-rc.0 before 1.46.0. The vulnerability is associated with program files modules/ext.CheckUser.TempAccounts/components/blockConnectedTempAccountsField.Vue. The issue has been identified and reported, and a fix is available in versio [truncated]

NONE Wikimedia Foundation CVE published 2026-07-01

CVE-2026-58031

CVE-2026-58031 is an Improper Neutralization of Input During Web Page Generation (XSS) vulnerability in MediaWiki. The issue affects MediaWiki from version 1.46.0-rc.0 before 1.46.0. This vulnerability is located in the resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js file and allows for Cross-site Scripting (XSS) attacks when user input is not properly neutralized during web page generation [truncated]

LOW Wikimedia Foundation CVE published 2026-05-11

CVE-2026-34093

CVE-2026-34093 is a low-severity sensitive-information exposure issue in Wikimedia Foundation MediaWiki, tied to includes/Specials/SpecialUserRights.Php. According to the NVD record, the issue affects MediaWiki versions before 1.43.7, 1.44.4, and 1.45.2. The CVSS 4.0 vector indicates network exposure with low confidentiality impact and a user interaction requirement, so this is not described as a high-imp [truncated]