PT-2026-54894 · Mediawiki · Mediawiki
Published
2026-07-01
·
Updated
2026-07-01
·
CVE-2026-58025
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
MediaWiki versions prior to 1.46.0
MediaWiki versions prior to 1.45.4
MediaWiki versions prior to 1.44.6
MediaWiki versions prior to 1.43.9
Description
An unsafe deserialization of untrusted data exists in the LogItem import process. This issue is associated with the program files includes/Import/WikiImporter.Php, includes/Import/WikiRevision.Php, and includes/Logging/LogEntryBase.Php, which could lead to remote code execution.
Recommendations
Update to version 1.46.0 or later.
Update to version 1.45.4 or later.
Update to version 1.44.6 or later.
Update to version 1.43.9 or later.
Fix
RCE
Code Injection
Deserialization of Untrusted Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Mediawiki