PT-2026-54894 · Mediawiki · Mediawiki

Published

2026-07-01

·

Updated

2026-07-01

·

CVE-2026-58025

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions MediaWiki versions prior to 1.46.0 MediaWiki versions prior to 1.45.4 MediaWiki versions prior to 1.44.6 MediaWiki versions prior to 1.43.9
Description An unsafe deserialization of untrusted data exists in the LogItem import process. This issue is associated with the program files includes/Import/WikiImporter.Php, includes/Import/WikiRevision.Php, and includes/Logging/LogEntryBase.Php, which could lead to remote code execution.
Recommendations Update to version 1.46.0 or later. Update to version 1.45.4 or later. Update to version 1.44.6 or later. Update to version 1.43.9 or later.

Fix

RCE

Code Injection

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-58025

Affected Products

Mediawiki