This vulnerability (CVE-2026-22711) in the Mediawiki Wikilove Extension arises from improper neutralization of alternate XSS syntax (CWE-87). This flaw allows an attacker to inject and execute malicious scripts by bypassing input sanitization mechanisms. The issue affects specific versions of the extension (1.43.7, 1.44.4, 1.45.2). The CVSS 4.0 vector indicates network attack vector, low attack complexity, no privileges or user interaction required, and low to moderate impact on confidentiality, integrity, availability, and scope. No patch or official remediation level has been published by the vendor as of the data provided.

Successful exploitation could allow an attacker to execute arbitrary scripts in the context of users visiting a Mediawiki site using the vulnerable Wikilove Extension versions. This may lead to theft of user credentials, session hijacking, or other malicious actions within the affected web application. However, the impact is rated medium severity and no known exploits have been reported in the wild.

Patch status is not yet confirmed — check the Wikimedia Foundation vendor advisories for current remediation guidance. Until a fix is available, consider applying temporary mitigations such as disabling the Wikilove Extension or restricting its usage. Monitor official channels for updates and apply patches promptly once released.