CVE-2026-58027
Received
Received - Intake
Information Exposure in Wikimedia AbuseFilter
Vulnerability report for CVE-2026-58027, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-01
Last updated on: 2026-07-01
Assigner: wikimedia-foundation
Description
Description
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter.
This vulnerability is associated with program files includes/Api/QueryAbuseFilters.Php.
This issue affects AbuseFilter: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wikimedia_foundation | abusefilter | to 1.46.0 (exc) |
| wikimedia_foundation | abusefilter | 1.45.4 |
| wikimedia_foundation | abusefilter | 1.44.6 |
| wikimedia_foundation | abusefilter | 1.43.9 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |