CVE-2026-58517: CWE-288 Authentication bypass using an alternate path or channel in The Wikimedia Foundation Mediawiki - WikiLambda Extension
Improper neutralization of input terminators vulnerability in The Wikimedia Foundation Mediawiki - WikiLambda Extension allows Authentication Bypass. This issue affects Mediawiki - WikiLambda Extension: from * before 1.43.9, 1.44.6, 1.45.4.
AI Analysis
Technical Summary
This vulnerability (CVE-2026-58517) in the Mediawiki - WikiLambda Extension arises from improper neutralization of input terminators, leading to an authentication bypass (CWE-288). It affects all versions prior to 1.43.9, 1.44.6, and 1.45.4. The issue allows attackers to bypass authentication controls by using alternate paths or channels. The vulnerability has a CVSS 4.0 base score of 6.9, indicating medium severity. The Wikimedia Foundation operates this product as a cloud service and has made patches available to address the issue.
Potential Impact
Successful exploitation of this vulnerability allows an attacker to bypass authentication mechanisms in the WikiLambda Extension, potentially gaining unauthorized access. This could lead to unauthorized actions within the affected Mediawiki environment. The vulnerability is rated medium severity with a CVSS score of 6.9.
Mitigation Recommendations
The Wikimedia Foundation manages the Mediawiki - WikiLambda Extension as a cloud service and has made patches available for the affected versions. Users should ensure their instances are updated to versions 1.43.9, 1.44.6, 1.45.4 or later. Check the official Wikimedia Foundation advisory for the latest remediation guidance and apply updates accordingly.
CVSS v4.0
Score 6.9 (medium)
Affected software
pkg:github/wikimedia/mediawiki-wikilambda-extension
Technical Details
- Data Version: 5.2
- Assigner Short Name: wikimedia-foundation
- Date Reserved: 2026-07-01T03:40:44.768Z
- Cvss Version: 4.0
- State: PUBLISHED
- Remediation Level: null
- Is Cloud Service: true
Threat ID: 6a455e5b27e9c79719f17aef
Added to database: 07/01/2026, 18:37:15 UTC
Last enriched: 07/01/2026, 18:51:23 UTC
Last updated: 07/01/2026, 19:21:51 UTC