Skip to main content

Oathauth

1 CVEs product

Monthly

CVE-2026-34087 MEDIUM PATCH This Month

OATHAuth before versions 1.43.7, 1.44.4, or 1.45.2 exposes sensitive information to unauthorized actors through an information disclosure vulnerability accessible to authenticated users via network requests. The vulnerability requires user interaction and results in limited confidentiality impact, affecting deployments where OATHAuth handles two-factor authentication across Wikimedia platforms.

Information Disclosure Oathauth
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

OATHAuth before versions 1.43.7, 1.44.4, or 1.45.2 exposes sensitive information to unauthorized actors through an information disclosure vulnerability accessible to authenticated users via network requests. The vulnerability requires user interaction and results in limited confidentiality impact, affecting deployments where OATHAuth handles two-factor authentication across Wikimedia platforms.

Information Disclosure Oathauth
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy