Skip to main content

Mediawiki Wikilambda Extension

1 CVEs product

Monthly

CVE-2026-58517 MEDIUM PATCH This Month

Authentication bypass in the Wikimedia Foundation's WikiLambda extension for MediaWiki allows unauthenticated remote attackers to circumvent access controls via improper neutralization of input terminator characters (CWE-288). Affected are all WikiLambda deployments running versions prior to 1.43.9, 1.44.6, and 1.45.4 across the supported MediaWiki release branches. No public exploit or CISA KEV listing has been identified at time of analysis, though the network-accessible, zero-prerequisite attack vector warrants prompt patching.

Authentication Bypass Mediawiki Wikilambda Extension
NVD VulDB
CVSS 4.0
6.9
EPSS
0.3%
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Authentication bypass in the Wikimedia Foundation's WikiLambda extension for MediaWiki allows unauthenticated remote attackers to circumvent access controls via improper neutralization of input terminator characters (CWE-288). Affected are all WikiLambda deployments running versions prior to 1.43.9, 1.44.6, and 1.45.4 across the supported MediaWiki release branches. No public exploit or CISA KEV listing has been identified at time of analysis, though the network-accessible, zero-prerequisite attack vector warrants prompt patching.

Authentication Bypass Mediawiki Wikilambda Extension
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy