QSearchQSearch

CVE-2021-42040

7.5 HIGH

An issue was discovered in MediaWiki through 1.36.2

Published: 2021-10-06 · Last updated: 2026-06-17

Severity and scoring

CVSS
7.5 HIGH
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
CWE-835

Affected products

VendorProduct
mediawikimediawiki

Description

An issue was discovered in MediaWiki through 1.36.2. A parser function related to loop control allowed for an infinite loop (and php-fpm hang) within the Loops extension because egLoopsCountLimit is mishandled. This could lead to memory exhaustion.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-34094 Vulnerability in Wikimedia Foundation MediaWiki (3.8 LOW)
  • CVE-2026-34093 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki (5.3 MEDIUM)
  • CVE-2021-41801 The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control (8.8 HIGH)
  • CVE-2021-41800 MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time) (5.3 MEDIUM)
  • CVE-2021-41799 MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time) (7.5 HIGH)

Same CWE

  • CVE-2026-48733 ImageMagick is free and open-source software used for editing and manipulating digital images (4.7 MEDIUM)
  • CVE-2026-46521 ImageMagick is free and open-source software used for editing and manipulating digital images (5.5 MEDIUM)
  • CVE-2026-46522 ImageMagick is free and open-source software used for editing and manipulating digital images (7.5 HIGH)
  • CVE-2026-49495 Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie() that lacks cycle detection ... (5.5 MEDIUM)
  • CVE-2025-71330 image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event l... (7.5 HIGH)