CVE-2026-58025

Summary

Deserialization of untrusted data vulnerability in Wikimedia Foundation MediaWiki.

This vulnerability is associated with program files includes/Import/WikiImporter.Php, includes/Import/WikiRevision.Php, includes/Logging/LogEntryBase.Php.

This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.

Affected Software

VendorProductVersion RangeStatus
Wikimedia FoundationMediaWiki* < 1.46.0, 1.45.4, 1.44.6, 1.43.9affected

Weaknesses

  • CWE-502: CWE-502 Deserialization of untrusted data
  • CWE-94: CWE-94

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References