← Back to home
wid-sec-w-2026-2170  ·  Published 2026-07-01  ·  View on BSI CERT-Bund ↗

MediaWiki and Extensions: Multiple Vulnerabilities

CVSS N/A NONE

Risk Summary

Ein Angreifer kann mehrere Schwachstellen in MediaWiki ausnutzen, um Cross-Site-Scripting-Angriffe durchzuführen, Benutzer auf bösartige Websites umzuleiten, die Authentifizierung zu umgehen oder SQL-Injection-Angriffe durchzuführen.

Affected Vendors

Open Source

Affected Products (26)

Open Source · MediaWiki <1.46.0
Open Source · MediaWiki 1.46.0
Open Source · MediaWiki UrlShortener Extension <1.43.9
Open Source · MediaWiki UrlShortener Extension 1.43.9
Open Source · MediaWiki UrlShortener Extension <1.44.6
Open Source · MediaWiki UrlShortener Extension 1.44.6
Open Source · MediaWiki UrlShortener Extension <1.45.4
Open Source · MediaWiki UrlShortener Extension 1.45.4
Open Source · MediaWiki Cargo Extension <1.43.9
Open Source · MediaWiki Cargo Extension 1.43.9
Open Source · MediaWiki Cargo Extension <1.44.6
Open Source · MediaWiki Cargo Extension 1.44.6
Open Source · MediaWiki Cargo Extension <1.45.4
Open Source · MediaWiki Cargo Extension 1.45.4
Open Source · MediaWiki WikiLambda Extension <1.43.9
Open Source · MediaWiki WikiLambda Extension 1.43.9
Open Source · MediaWiki WikiLambda Extension <1.44.6
Open Source · MediaWiki WikiLambda Extension 1.44.6
Open Source · MediaWiki WikiLambda Extension <1.45.4
Open Source · MediaWiki WikiLambda Extension 1.45.4
Open Source · MediaWiki Charts Extension <1.43.9
Open Source · MediaWiki Charts Extension 1.43.9
Open Source · MediaWiki Charts Extension <1.44.6
Open Source · MediaWiki Charts Extension 1.44.6
Open Source · MediaWiki Charts Extension <1.45.4
Open Source · MediaWiki Charts Extension 1.45.4

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more