Skip to main content

Mediawiki Urlshortener Extension

1 CVEs product

Monthly

CVE-2026-58520 MEDIUM PATCH This Month

Open redirect exploitation in the Wikimedia Foundation MediaWiki UrlShortener Extension enables unauthenticated network attackers to craft shortened URLs hosted on trusted MediaWiki domains that silently redirect victims to arbitrary external sites, facilitating phishing and Cross-Site Flashing attacks. All versions of the extension prior to 1.43.9, 1.44.6, and 1.45.4 across their respective branches are affected. No public exploit code or CISA KEV listing has been identified at time of analysis; however, the unauthenticated and network-accessible nature of URL shortener services makes social-engineering abuse low-effort once a target instance is identified.

Open Redirect Mediawiki Urlshortener Extension
NVD VulDB
CVSS 4.0
6.9
EPSS
0.3%
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Open redirect exploitation in the Wikimedia Foundation MediaWiki UrlShortener Extension enables unauthenticated network attackers to craft shortened URLs hosted on trusted MediaWiki domains that silently redirect victims to arbitrary external sites, facilitating phishing and Cross-Site Flashing attacks. All versions of the extension prior to 1.43.9, 1.44.6, and 1.45.4 across their respective branches are affected. No public exploit code or CISA KEV listing has been identified at time of analysis; however, the unauthenticated and network-accessible nature of URL shortener services makes social-engineering abuse low-effort once a target instance is identified.

Open Redirect Mediawiki Urlshortener Extension
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy