CVE-2026-34090
Exposure of Sensitive Information in Wikimedia CheckUser
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: wikimedia-foundation
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wikimedia | checkuser | From 1.45.0 (inc) to 1.45.2 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
AI Powered Q&A
How can this vulnerability impact me?
This vulnerability can lead to unauthorized exposure of suppressed usernames to users without the necessary permissions. While the risk is low due to existing non-disclosure agreements among authorized users, it still represents an information leak that could potentially expose sensitive user information.
Can you explain this vulnerability to me?
CVE-2026-34090 is a security vulnerability in the CheckUser extension for MediaWiki, specifically in the Special:SuggestedInvestigations feature. It caused suppressed usernames, which are meant to be hidden, to be displayed to users who did not have the proper permissions to view them. This resulted in an information leak of sensitive user data.
The vulnerability was considered low-risk because users with access to this tool typically have signed non-disclosure agreements. The issue was fixed by hiding suppressed usernames in the interface and disabling the "Investigate" button when all users in a case were hidden.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves the exposure of suppressed usernames in the Special:SuggestedInvestigations feature of the CheckUser extension for MediaWiki. Detection would primarily involve verifying whether suppressed usernames are visible to unauthorized users in this interface.
Since the issue affects the MediaWiki CheckUser extension from version 1.45.0 up to, but not including, 1.45.2, you can check the installed versions of MediaWiki and the CheckUser extension to determine whether your system is affected.
- Check the MediaWiki version and CheckUser extension version installed on your system.
- Manually verify if suppressed usernames are visible in the Special:SuggestedInvestigations interface to users without proper permissions.
No specific network or system commands are provided in the available resources to detect this vulnerability automatically.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability was fixed by hiding suppressed usernames in the Special:SuggestedInvestigations interface, similar to other CheckUser interfaces, and disabling the "Investigate" button when all users in a case are hidden.
To mitigate this vulnerability immediately, you should upgrade your MediaWiki CheckUser extension to version 1.45.2 or later, or apply the patch included in the 1.46.0-wmf.17 release.
- Upgrade the CheckUser extension to version 1.45.2 or later.
- Apply the patch that hides suppressed usernames and disables the Investigate button when appropriate.
Additionally, ensure that only authorized users with proper permissions have access to the CheckUser tools, as users with access are typically under non-disclosure agreements.