This vulnerability is associated with program files includes/Parser/Parser.Php.
This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
Debian DSA |
DSA-6380-1 | mediawiki security update |
| Link | Providers |
|---|---|
| https://phabricator.wikimedia.org/T299359 |
|
Mon, 06 Jul 2026 23:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Wikimedia
Wikimedia mediawiki |
|
| Vendors & Products |
Wikimedia
Wikimedia mediawiki |
Wed, 01 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 01 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Parser/Parser.Php. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9. | |
| Title | $wgNonincludableNamespaces can be bypassed by embedding redirect in other namespaces | |
| Weaknesses | CWE-200 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: wikimedia-foundation
Published:
Updated: 2026-07-01T15:50:17.256Z
Reserved: 2026-06-27T13:32:37.577Z
Link: CVE-2026-58026
Updated: 2026-07-01T15:50:11.643Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-08T02:15:15Z
Debian DSA