Severity by source
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
Vulnerability in Wikimedia Foundation AbuseFilter.
This issue affects AbuseFilter: from * before 1.43.7, 1.44.4, 1.45.2.
AnalysisAI
Information disclosure in Wikimedia Foundation AbuseFilter allows low-privileged authenticated users with user interaction to access limited confidential data through a network vector. The vulnerability affects AbuseFilter versions prior to 1.43.7, 1.44.4, and 1.45.2, with very low CVSS score (2.1) indicating minimal real-world impact but potential for sensitive information leakage in filtered content or filter logic contexts.
Technical ContextAI
AbuseFilter is a content-moderation tool deployed in Wikimedia installations that uses rule-based filtering to identify and manage abusive contributions. The vulnerability appears to involve improper access controls or information exposure in the filter mechanism itself, likely triggered through a network interface requiring low-privilege authentication and user interaction. CPE cpe:2.3:a:wikimedia_foundation:abusefilter:*:*:*:*:*:*:*:* confirms the affected component. While specific CWE is not provided, the CVSS 4.0 vector indicating confidentiality impact (VC:L/VI:L) and scope limitation (S:N) suggests a logic flaw in access control or data exposure in filter operations.
RemediationAI
Upgrade AbuseFilter to version 1.43.7, 1.44.4, or 1.45.2 or later, depending on which release track is in use. Vendor-released patches are available per Wikimedia Foundation. For environments unable to patch immediately, restrict access to filter administration and management interfaces to trusted administrators, and monitor filter-related logs for suspicious user interactions that may indicate exploitation attempts. Review access controls on accounts with low-privilege filter permissions to ensure least-privilege principles are enforced.
More in Abusefilter
View allSensitive abuse filter configuration data in Wikimedia Foundation's AbuseFilter MediaWiki extension is exposed to authen
An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Rated medium severity (CVSS 5.3), this
An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Rated medium severity (CVSS 5.3), this
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29058
GHSA-5qc5-wp75-wxgx