CVE-2026-58517
Awaiting Analysis
Awaiting Analysis - Queue
Authentication Bypass in MediaWiki WikiLambda Extension
Vulnerability report for CVE-2026-58517, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-01
Last updated on: 2026-07-01
Assigner: wikimedia-foundation
Description
Description
Improper neutralization of input terminators vulnerability in The Wikimedia Foundation Mediawiki - WikiLambda Extension allows Authentication Bypass.
This issue affects Mediawiki - WikiLambda Extension: from * before 1.43.9,1.44.6,1.45.4.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wikimedia | mediawiki_wikilambda_extension | From 1.43.0 (inc) to 1.43.9 (exc) |
| wikimedia | mediawiki_wikilambda_extension | to 1.44.6 (exc) |
| wikimedia | mediawiki_wikilambda_extension | to 1.45.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-288 | The product requires authentication, but the product has an alternate path or channel that does not require authentication. |