CVE-2026-58025
MediumCVSS 5.9Exploitation Probability (EPSS)
Low risk26th percentile — higher than 26% of all known CVEs
Summary
Deserialization of untrusted data vulnerability in MediaWiki. The issue is present in files WikiImporter.php, WikiRevision.php, and LogEntryBase.php. Affects versions before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
Risk Assessment
An attacker can remotely execute arbitrary code or gain unauthorized access by sending crafted data for deserialization.
Recommendation
Immediately update MediaWiki to version 1.46.0, 1.45.4, 1.44.6, 1.43.9 or later.
Original NVD description (English source)
Deserialization of untrusted data vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/WikiImporter.Php, includes/Import/WikiRevision.Php, includes/Logging/LogEntryBase.Php. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.

