Skip to main content

Mediawiki Centralauth Extension

1 CVEs product

Monthly

CVE-2026-39937 HIGH This Week

Information disclosure in MediaWiki CentralAuth extension exposes sensitive authentication data to unauthorized parties through improper removal before storage or transfer. This affects non-release development branches with network-accessible attack vector requiring no authentication (CVSS:4.0 AV:N/PR:N). While no public exploit or active exploitation (not in CISA KEV) is identified at time of analysis, the CVSS 8.8 rating reflects high confidentiality impact and low complexity, making this a significant risk for organizations running development builds.

Information Disclosure Mediawiki Centralauth Extension
NVD
CVSS 4.0
8.8
EPSS
0.0%
EPSS 0% CVSS 8.8
HIGH This Week

Information disclosure in MediaWiki CentralAuth extension exposes sensitive authentication data to unauthorized parties through improper removal before storage or transfer. This affects non-release development branches with network-accessible attack vector requiring no authentication (CVSS:4.0 AV:N/PR:N). While no public exploit or active exploitation (not in CISA KEV) is identified at time of analysis, the CVSS 8.8 rating reflects high confidentiality impact and low complexity, making this a significant risk for organizations running development builds.

Information Disclosure Mediawiki Centralauth Extension
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy