CVE-2026-30917

Name of the Vulnerable Software and Affected Versions Bucket versions prior to 2.1.1

Description Bucket is a MediaWiki extension used to store and retrieve structured data on articles. A stored cross-site scripting (XSS) issue exists that allows malicious code to be inserted into any Bucket table field with a PAGE type. This code will execute when a user views the corresponding Bucket namespace page.

Recommendations Update to Bucket version 2.1.1 or later.