CVE Catalog

CVE-2026-58025

MediumCVSS 5.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.34%

26th percentile — higher than 26% of all known CVEs

Summary

Deserialization of untrusted data vulnerability in MediaWiki. The issue is present in files WikiImporter.php, WikiRevision.php, and LogEntryBase.php. Affects versions before 1.46.0, 1.45.4, 1.44.6, 1.43.9.

Risk Assessment

An attacker can remotely execute arbitrary code or gain unauthorized access by sending crafted data for deserialization.

Recommendation

Immediately update MediaWiki to version 1.46.0, 1.45.4, 1.44.6, 1.43.9 or later.

Original NVD description (English source)

Deserialization of untrusted data vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/WikiImporter.Php, includes/Import/WikiRevision.Php, includes/Logging/LogEntryBase.Php. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS