PT-2026-54933 · Wikimedia Foundation · Time-Line-

Published

2026-07-01

·

Updated

2026-07-01

·

CVE-2026-8857

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Wikimedia Foundation timeline versions prior to 1.46.0 Wikimedia Foundation timeline versions prior to 1.45.4 Wikimedia Foundation timeline versions prior to 1.44.6 Wikimedia Foundation timeline versions prior to 1.43.9
Description An issue exists in the Wikimedia Foundation timeline associated with the program files scripts/EasyTimeline.Pl and includes/Timeline.Php that allows for Remote Code Execution (RCE), a state where an attacker can execute arbitrary commands on the host machine.
Recommendations Update to version 1.46.0 or later. Update to version 1.45.4 or later. Update to version 1.44.6 or later. Update to version 1.43.9 or later. As a temporary mitigation, restrict access to the scripts/EasyTimeline.Pl and includes/Timeline.Php files.

Exploit

Fix

RCE

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-8857

Affected Products

Time-Line-