Vulnerability Details CVE-2026-58037
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki.
This vulnerability is associated with program files includes/Language/Language.Php, includes/Logging/BlockLogFormatter.Php, includes/Logging/LogFormatter.Php, includes/Logging/PatrolLogFormatter.Php, includes/Logging/RenameuserLogFormatter.Php, includes/Logging/TagLogFormatter.Php, includes/Specials/SpecialVersion.Php.
This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 13.5%
CVSS Severity
CVSS v3 Score 6.1
Products affected by CVE-2026-58037
-
cpe:2.3:a:mediawiki:mediawiki:1.43.0
-
cpe:2.3:a:mediawiki:mediawiki:1.43.1
-
cpe:2.3:a:mediawiki:mediawiki:1.43.2
-
cpe:2.3:a:mediawiki:mediawiki:1.43.3
-
cpe:2.3:a:mediawiki:mediawiki:1.43.4
-
cpe:2.3:a:mediawiki:mediawiki:1.43.5
-
cpe:2.3:a:mediawiki:mediawiki:1.43.6
-
cpe:2.3:a:mediawiki:mediawiki:1.43.7
-
cpe:2.3:a:mediawiki:mediawiki:1.44.0
-
cpe:2.3:a:mediawiki:mediawiki:1.44.1
-
cpe:2.3:a:mediawiki:mediawiki:1.44.2
-
cpe:2.3:a:mediawiki:mediawiki:1.44.3
-
cpe:2.3:a:mediawiki:mediawiki:1.44.4
-
cpe:2.3:a:mediawiki:mediawiki:1.45.0
-
cpe:2.3:a:mediawiki:mediawiki:1.45.1
-
cpe:2.3:a:mediawiki:mediawiki:1.45.2
-
cpe:2.3:a:mediawiki:mediawiki:1.46.0