PatchSiren cyber security CVE debrief
CVE-2026-58029 Wikimedia Foundation CVE debrief
A vulnerability was discovered in MediaWiki, affecting versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. This issue is associated with multiple program files, including includes/Api/ApiChangeAuthenticationData.Php, includes/Api/ApiLinkAccount.Php, includes/Api/ApiRemoveAuthenticationData.Php, includes/Specials/SpecialLinkAccounts.Php, and includes/Specials/SpecialUnlinkAccounts.Php. The vulnerability is related to authentication data handling and has a CVSS score of 5.3, classified as MEDIUM severity.
- Vendor
- Wikimedia Foundation
- Product
- MediaWiki
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-01
- Original CVE updated
- 2026-07-09
- Advisory published
- 2026-07-01
- Advisory updated
- 2026-07-09
Who should care
Users of MediaWiki, particularly those running versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9, should be aware of this vulnerability and take necessary actions to mitigate potential risks. This includes updating to a secure version, reviewing and monitoring authentication data handling, and implementing compensating controls.
Technical summary
The vulnerability in MediaWiki, affecting versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9, is related to authentication data handling across multiple API and special pages. This could potentially allow attackers with certain privileges to manipulate authentication data, posing a risk to users of these versions. The issue has been analyzed and has a CVSS score of 5.3, classified as MEDIUM severity. Affected program files include includes/Api/ApiChangeAuthenticationData.Php, includes/Api/ApiLinkAccount.Php, includes/Api/ApiRemoveAuthenticationData.Php, includes/Specials/SpecialLinkAccounts.Php, and includes/Specials/SpecialUnlinkAccounts.Php. Users should review and monitor authentication data handling and implement compensating controls to detect and prevent potential exploitation. Updating to a secure version is recommended.
Defensive priority
Medium priority should be given to updating MediaWiki to a secure version, as the vulnerability can be exploited by attackers with certain privileges.
Recommended defensive actions
- Update MediaWiki to version 1.46.0, 1.45.4, 1.44.6, or 1.43.9, or later
- Review and monitor authentication data handling in the affected program files
- Implement compensating controls to detect and prevent potential exploitation
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
- Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
Evidence notes
The CVE record was published on 2026-07-01T16:16:50.197Z and was last modified on 2026-07-09T19:37:39.750Z. The NVD entry is currently Analyzed. This information is based on the provided source corpus and may not reflect the full scope of the vulnerability. Further verification is recommended to ensure accurate understanding of the issue.
Official resources
-
CVE-2026-58029 CVE record
CVE.org
-
CVE-2026-58029 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
c4f26cc8-17ff-4c99-b5e2-38fc1793eacc - Permissions Required
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-01T16:16:50.197Z and has not been modified since then. The NVD entry is currently Analyzed.