CVE-2026-39934

Summary

Loop with unreachable exit condition ('infinite loop') vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This issue was remediated only on the master branch.

Affected Software

VendorProductVersion RangeStatus
The Wikimedia FoundationMediawiki - GrowthExperiments Extension1.45affected
The Wikimedia FoundationMediawiki - GrowthExperiments Extension1.44affected
The Wikimedia FoundationMediawiki - GrowthExperiments Extension1.43affected
The Wikimedia FoundationMediawiki - GrowthExperiments Extension0 < 1.43affected

Weaknesses

  • CWE-835: CWE-835 Loop with unreachable exit condition ('infinite loop')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References