PT-2026-54920 · Mediawiki · Cargo Extension

Andmcadams

·

Published

2026-07-01

·

Updated

2026-07-01

·

CVE-2026-58521

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Mediawiki - Cargo Extension versions prior to 1.43.9 Mediawiki - Cargo Extension versions prior to 1.44.6 Mediawiki - Cargo Extension versions prior to 1.45.4
Description Improper neutralization of special elements used in an SQL command allows for SQL injection. This issue occurs via the year range filter.
Recommendations Update to version 1.43.9 or later. Update to version 1.44.6 or later. Update to version 1.45.4 or later.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-58521

Affected Products

Cargo Extension