CVE-2026-58521

Summary

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows SQL Injection.

This issue affects Mediawiki - Cargo Extension: from * before 1.43.9,1.44.6,1.45.4.

Affected Software

VendorProductVersion RangeStatus
The Wikimedia FoundationMediawiki - Cargo Extension* < 1.43.9,1.44.6,1.45.4affected

Weaknesses

  • CWE-89: CWE-89 Improper neutralization of special elements used in an SQL command ('SQL injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

Additional References

References