CVE Catalog

CVE-2026-58520

MediumCVSS 6.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.26%

17th percentile — higher than 17% of all known CVEs

Summary

An open redirect vulnerability in the UrlShortener extension for MediaWiki allows Cross-Site Flashing attacks. Affected versions are before 1.43.9, 1.44.6, and 1.45.4.

Risk Assessment

An attacker can exploit this redirect to trick users into visiting malicious sites, potentially leading to data theft or malware installation.

Recommendation

Immediately update the UrlShortener extension to version 1.43.9, 1.44.6, or 1.45.4, depending on your MediaWiki branch.

Original NVD description (English source)

URL redirection to untrusted site ('open redirect') vulnerability in The Wikimedia Foundation Mediawiki - UrlShortener Extension allows Cross-Site Flashing. This issue affects Mediawiki - UrlShortener Extension: from * before 1.43.9, 1.44.6, 1.45.4.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS