CVE-2026-0669

Summary

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wikimedia Foundation MediaWiki - CSS extension allows Path Traversal.This issue affects MediaWiki - CSS extension: 1.44, 1.43, 1.39.

Affected Software

VendorProductVersion RangeStatus
Wikimedia FoundationMediaWiki - CSS extension1.44affected
Wikimedia FoundationMediaWiki - CSS extension1.43affected
Wikimedia FoundationMediaWiki - CSS extension1.39affected

Weaknesses

  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References