PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-8857 Wikimedia Foundation CVE debrief

A vulnerability in Wikimedia Foundation timeline affects Mediawiki versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. This issue is associated with program files scripts/EasyTimeline.Pl and includes/Timeline.Php. The vulnerability has a CVSS severity of NONE and a CVSS score that is not provided. Users of affected Mediawiki versions should be aware of this vulnerability and take necessary defensive actions. The CVE record was published on 2026-07-01T16:16:53.847Z and last modified on 2026-07-09T17:20:24.080Z.

Vendor
Wikimedia Foundation
Product
timeline
CVSS
NONE
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-01
Original CVE updated
2026-07-09
Advisory published
2026-07-01
Advisory updated
2026-07-09

Who should care

Users of Mediawiki versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9 should be aware of this vulnerability and take necessary defensive actions. This includes operators, platform administrators, vulnerability management teams, and security teams who need to review and mitigate this vulnerability.

Technical summary

The vulnerability in Wikimedia Foundation timeline is associated with program files scripts/EasyTimeline.Pl and includes/Timeline.Php. It affects Mediawiki versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. The CVSS score is not provided, but the CVSS severity is NONE. The vulnerability has limited scope and potential impact.

Defensive priority

Medium priority due to limited scope and potential impact. Affected Mediawiki versions should be reviewed and patched or mitigated as necessary.

Recommended defensive actions

  • Inventory and verify affected Mediawiki versions
  • Apply vendor remediation or patches
  • Monitor for potential exploitation attempts
  • Implement compensating controls if patches cannot be applied
  • Review relevant monitoring, detection, and logs for exposed assets that need extra review

Evidence notes

The CVE record was published on 2026-07-01T16:16:53.847Z and last modified on 2026-07-09T17:20:24.080Z. The NVD entry is currently Analyzed. The vulnerability affects Mediawiki versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9, associated with program files scripts/EasyTimeline.Pl and includes/Timeline.Php. Evidence is limited to CVE and NVD details.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-01T16:16:53.847Z and has not been modified since then. The NVD entry is currently Analyzed.