PT-2026-54895 · Mediawiki · Mediawiki

Published

2026-07-01

·

Updated

2026-07-01

·

CVE-2026-58026

CVSS v3.1

5.7

Medium

VectorAV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions MediaWiki versions prior to 1.46.0 MediaWiki versions prior to 1.45.4 MediaWiki versions prior to 1.44.6 MediaWiki versions prior to 1.43.9
Description An issue exists in the includes/Parser/Parser.Php file that allows the exposure of sensitive information to unauthorized actors. This occurs because the $wgNonincludableNamespaces variable can be bypassed by embedding a redirect in other namespaces.
Recommendations Update to version 1.46.0 or later. Update to version 1.45.4 or later. Update to version 1.44.6 or later. Update to version 1.43.9 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-58026

Affected Products

Mediawiki