CVE-2026-58518

Cross-Site Request Forgery in MediaWiki RedirectManager Extension

Vulnerability report for CVE-2026-58518, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-01

Last updated on: 2026-07-01

Assigner: wikimedia-foundation

Description

Cross-site request forgery (CSRF) vulnerability in the Wikimedia Foundation's MediaWiki RedirectManager extension. This issue affects all versions of the MediaWiki RedirectManager extension before 1.3.3.


Meta Information

Published
2026-07-01
Last Modified
2026-07-01
Generated
2026-07-01
AI Q&A
2026-07-01
EPSS Evaluated
N/A

Affected Vendors & Products

One associated CPE:

| Vendor | Product | Version / Range |
|---|---|---|
| the_wikimedia_foundation | mediawiki_redirectmanager_extension | up to 1.3.3 (exclusive) |

Exploitability

CWE-352: The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

KEV: not listed.

Executive Summary

CVE-2026-58518 is a Cross-Site Request Forgery (CSRF) vulnerability in the RedirectManager extension for MediaWiki. The API endpoint responsible for creating redirects does not enforce CSRF token validation, so a crafted POST request can create redirects without a valid CSRF token.

The root cause is that the extension's API module, in Api.php, does not override the needsToken() method to require a CSRF token. Because MediaWiki's API framework only checks a token when a module declares that it needs one, the endpoint can be driven by a cross-site request to perform actions on behalf of an authenticated user without their consent.

The issue was fixed by adding CSRF token validation to the API endpoint, and the patch was merged into the master branch of the RedirectManager extension, included starting from version 1.3.3.
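As an added illustration (not the RedirectManager extension's own code; class and parameter names are hypothetical), a MediaWiki API module as it behaves without a needsToken() override, beside the corrected form that declares a CSRF token requirement:

```php
<?php
// Added illustration, not code from the RedirectManager extension.
// Class names and parameters are hypothetical; ApiBase, needsToken(),
// isWriteMode(), mustBePosted() and PARAM_REQUIRED are real MediaWiki APIs.
use Wikimedia\ParamValidator\ParamValidator;

// Weak form: needsToken() is inherited from ApiBase, whose default returns
// false. ApiMain therefore never asks for a 'token' parameter, and a POST
// forged from another origin (carrying the victim's session cookie) is
// processed as if the user had submitted it.
class ApiCreateRedirectWeak extends ApiBase {
    public function execute() {
        $this->checkUserRightsAny( 'edit' );
        $params = $this->extractRequestParams();
        // extension-specific redirect creation would happen here
        $this->getResult()->addValue( null, $this->getModuleName(),
            [ 'source' => $params['source'], 'target' => $params['target'] ] );
    }
    public function getAllowedParams() {
        return [
            'source' => [ ParamValidator::PARAM_REQUIRED => true ],
            'target' => [ ParamValidator::PARAM_REQUIRED => true ],
        ];
    }
}

// Corrected form: declaring the 'csrf' token type makes ApiMain reject any
// request whose 'token' parameter does not match the caller's session token,
// before execute() runs. A legitimate client first obtains the token via
// action=query&meta=tokens and sends it with the POST; a cross-site page
// cannot read that value, so its forged request fails.
class ApiCreateRedirectFixed extends ApiCreateRedirectWeak {
    public function needsToken() {
        return 'csrf';
    }
    public function isWriteMode() {
        return true;   // marks the module as state-changing
    }
    public function mustBePosted() {
        return true;   // refuse GET, so the token cannot leak via URLs/referers
    }
}
```

Whether an installed module is protected can be read straight from the API help output: modules that declare needsToken() show the token parameter as required in action=help&modules=... output.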

Impact Analysis

This vulnerability can allow attackers to create unauthorized redirects within a MediaWiki installation using the RedirectManager extension. Such unauthorized redirects can be used to mislead users, redirect them to malicious sites, or disrupt normal site navigation.

Because the attack does not require user interaction or valid CSRF tokens, it can be executed remotely and silently, potentially compromising the integrity and trustworthiness of the affected MediaWiki site.

Detection Guidance

This vulnerability can be detected by checking whether the RedirectManager extension's redirect-creation API endpoint accepts POST requests that carry no CSRF token.

A practical way to check is to send a POST request to that endpoint without a token parameter and observe whether the request is accepted rather than rejected with a missing or bad token error.

For example, you can use the following curl command to test the endpoint:

  • `curl -X POST -d 'action=redirectmanager&format=json&other_parameters=values' https://your-mediawiki-site/api.php`

If the request succeeds without a CSRF token being required, the installation is vulnerable; a patched version (1.3.3 or later) should answer with a token error instead.

Mitigation Strategies

The immediate mitigation step is to upgrade the RedirectManager extension to version 1.3.3 or later, where the CSRF token validation has been added to the API endpoint.

Until the upgrade can be applied, consider restricting access to the API endpoint to trusted users or networks to reduce the risk of unauthorized redirect creation.

Additionally, monitor your system for any unauthorized redirects that may have been created exploiting this vulnerability.

Compliance Impact

The provided information does not specify how the Cross-Site Request Forgery (CSRF) vulnerability in the MediaWiki RedirectManager extension affects compliance with common standards and regulations such as GDPR or HIPAA.
