VIR Vulnerability Intelligence Relay

CVE-2026-34094

low
Published 2026-05-11 · Modified 2026-05-18
CVSS v3
3.8
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
CVSS v2
VIR risk
3.8

Description

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Page/Article.Php. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.

Predictions

Exploit likelihood
48%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2026-34094

vendor Authored 2026-05-27

Vendor advisory: c4f26cc8-17ff-4c99-b5e2-38fc1793eacc — https://phabricator.wikimedia.org/T416090

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed0
debian debianbullseyefixed0
debian debianforkyfixed1:1.43.8+dfsg-1
debian debiansidfixed1:1.43.8+dfsg-1
debian debiantrixiefixed1:1.43.8+dfsg-1~deb13u1

Application impact
VendorProductVersionsFixed
mediawikimediawiki{"endExcluding":"1.43.7"}1.43.7

References

CWEs

CWE-668

Verify integrity in audit chain (admin only). AS-IS.