CVE-2026-39937
Resource Leak in MediaWiki CentralAuth Due to Improper Data Handling
Publication date: 2026-04-07
Last updated on: 2026-04-08
Assigner: wikimedia-foundation
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| the_wikimedia_foundation | mediawiki_centralauth_extension | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-212 | The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability involves improper removal of sensitive information before storage or transfer, which can result in that information being exposed through a resource leak.
Such exposure of sensitive information could potentially impact compliance with data protection regulations like GDPR and HIPAA, which require proper handling and protection of sensitive data.
However, specific details on how this vulnerability affects compliance with these standards are not provided in the available information.
Can you explain this vulnerability to me?
This vulnerability involves the improper removal of sensitive information before it is stored or transferred in the Wikimedia Foundation's MediaWiki CentralAuth extension. Specifically, it results in a resource leak: sensitive data may be unintentionally retained or exposed due to inadequate handling in non-release branches of the software.
How can this vulnerability impact me?
The impact of this vulnerability is that sensitive information could be leaked or exposed unintentionally. This could lead to unauthorized access to confidential data, potentially compromising user privacy and security.