CVE-2026-39937
Received Received - Intake
Resource Leak in MediaWiki CentralAuth Due to Improper Data Handling

Publication date: 2026-04-07

Last updated on: 2026-04-08

Assigner: wikimedia-foundation

Description
Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure.Β The issue has been remediated on the `master` branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1.45.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-07
Last Modified
2026-04-08
Generated
2026-06-16
AI Q&A
2026-04-08
EPSS Evaluated
2026-06-15
NVD
CVE-2026-39937
EUVD
EUVD-2026-19984
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
the_wikimedia_foundation mediawiki_centralauth_extension *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-212 The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the improper removal of sensitive information before it is stored or transferred in the Wikimedia Foundation Mediawiki - CentralAuth Extension. Specifically, it leads to a resource leak exposure, meaning that sensitive data may be unintentionally retained or exposed due to inadequate handling in non-release branches of the software.

Impact Analysis

The impact of this vulnerability is that sensitive information could be leaked or exposed unintentionally. This could lead to unauthorized access to confidential data, potentially compromising user privacy and security.

Compliance Impact

This vulnerability involves improper removal of sensitive information before storage or transfer, which can lead to resource leak exposure.

Such exposure of sensitive information could potentially impact compliance with data protection regulations like GDPR and HIPAA, which require proper handling and protection of sensitive data.

However, specific details on how this vulnerability affects compliance with these standards are not provided in the available information.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-39937. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart