CVE-2026-58518
MediumCVSS 6.9Exploitation Probability (EPSS)
Low risk5th percentile — higher than 5% of all known CVEs
Summary
A CSRF vulnerability in the RedirectManager extension for MediaWiki allows an attacker to perform unauthorized actions on behalf of an authenticated user. The issue affects versions before 1.3.3.
Risk Assessment
An attacker can trick an administrator or other authenticated user into performing unwanted actions, such as changing redirect configurations, potentially leading to data integrity compromise or further attacks.
Recommendation
Immediately update the RedirectManager extension to version 1.3.3 or later, which includes a fix for the CSRF vulnerability.
Original NVD description (English source)
Cross-Site request forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - RedirectManager Extension allows Cross Site Request Forgery. This issue affects Mediawiki - RedirectManager Extension: from * before 1.3.3.

