Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Loop with unreachable exit condition ('infinite loop') vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions.This issue affects Mediawiki - GrowthExperiments Extension: 1.45.2, 1.44.4, 1.43.7.
AnalysisAI
Infinite loop vulnerability in Wikimedia MediaWiki GrowthExperiments Extension (versions 1.45.2, 1.44.4, 1.43.7) allows unauthenticated remote attackers to trigger a denial of service condition by exploiting a Time-of-Check and Time-of-Use (TOCTOU) race condition that causes unreachable loop exit logic. The vulnerability has a CVSS score of 6.9 with low confidentiality, integrity, and availability impact across all scopes. No public exploit code or active exploitation has been confirmed at time of analysis.
Technical ContextAI
The vulnerability (CWE-835: Loop with Unreachable Exit Condition) resides in the GrowthExperiments Extension for MediaWiki, a Wikimedia Foundation extension that facilitates new user onboarding and growth. The root cause involves a TOCTOU race condition where a condition checked at one point in code execution is no longer valid by the time the code attempts to use that condition to exit a loop. This timing window allows an attacker to modify state between the check and the actual use, causing the loop's exit condition to never be satisfied. The vulnerability is exposed via the network (AV:N) with low attack complexity (AC:L) and no authentication requirement (PR:N), making it remotely accessible. The CVSS 4.0 vector indicates low impact across confidentiality, integrity, and availability dimensions, typical of a resource exhaustion or denial of service issue rather than data breach or system compromise.
RemediationAI
Upgrade the MediaWiki GrowthExperiments Extension to a patched version released after 1.45.2, 1.44.4, or 1.43.7. The upstream fix is available in Gerrit commit 1243874 (https://gerrit.wikimedia.org/r/c/1243874) which addresses the TOCTOU race condition logic. Consult the Wikimedia Phabricator ticket T418222 (https://phabricator.wikimedia.org/T418222) for the specific patched version numbers and detailed deployment instructions. As an interim mitigation before patching, administrators may consider temporarily disabling the GrowthExperiments Extension if it is not essential to operations, or implementing rate-limiting and request throttling at the web server or load balancer level to reduce the likelihood of successful race condition exploitation. Monitor MediaWiki logs for unusual loop-related CPU spikes or request patterns that may indicate active exploitation attempts.
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-19978
GHSA-cgh3-rgf8-476j