CVE-2026-34093
5.3 MEDIUMExposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki
Published: 2026-05-11 · Last updated: 2026-05-18
Severity and scoring
- CVSS
- 5.3 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- CWE
- CWE-200
Affected products
| Vendor | Product |
|---|---|
| mediawiki | mediawiki |
Description
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Specials/SpecialUserRights.Php. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-34093
- [Vendor advisory]https://phabricator.wikimedia.org/T414547
Related CVEs
Same vendor
- CVE-2026-34094 — Vulnerability in Wikimedia Foundation MediaWiki (3.8 LOW)
Same CWE
- CVE-2026-49219 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.5 MEDIUM)
- CVE-2026-47165 — ImageMagick is free and open-source software used for editing and manipulating digital images (4.1 MEDIUM)
- CVE-2026-48855 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh (ssh_sftpd module) allows File Discovery
- CVE-2026-45329 — ESF-IDF is the Espressif Internet of Things (IOT) Development Framework (7.1 HIGH)
- CVE-2026-36719 — An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows unauthenticated attackers to obtain ... (7.5 HIGH)