CVE Catalog

CVE-2026-58036

LowCVSS 2.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

15th percentile — higher than 15% of all known CVEs

Summary

A vulnerability in MediaWiki allows unauthorized actors to access sensitive information through the files ApiQueryAllUsers.php, ApiQueryUsers.php, PermissionManager.php, and UserGroupManager.php.

Risk Assessment

The organization is at risk of user data leakage, such as permissions or group membership, which could lead to privilege escalation or confidentiality breaches.

Recommendation

It is recommended to immediately update MediaWiki to the latest patched version and restrict API access to untrusted entities.

Original NVD description (English source)

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryAllUsers.Php, includes/Api/ApiQueryUsers.Php, includes/Permissions/PermissionManager.Php, includes/User/UserGroupManager.Php.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS