CVE-2026-39937

Summary

Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure. The issue has been remediated on the master branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1.45.

Affected Software

VendorProductVersion RangeStatus
The Wikimedia FoundationMediawiki - CentralAuth Extension1.43unaffected
The Wikimedia FoundationMediawiki - CentralAuth Extension1.44unaffected
The Wikimedia FoundationMediawiki - CentralAuth Extension1.45unaffected
The Wikimedia FoundationMediawiki - CentralAuth Extension0 < 1.43affected

Weaknesses

  • CWE-212: CWE-212 Improper removal of sensitive information before storage or transfer

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References