{"id":"CVE-2026-58024","details":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.\n\n This vulnerability is associated with program files includes/Api/ApiUserrights.Php.\n\n\n\nThis issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.","modified":"2026-07-11T04:04:10.934156297Z","published":"2026-07-01T16:16:49.583Z","database_specific":{"unresolved_ranges":[{"extracted_events":[{"introduced":"1.46.0-rc0"},{"last_affected":"1.46.0-rc0"}],"vendor_product":"mediawiki:mediawiki","source":"CPE_STRING","cpes":["cpe:2.3:a:mediawiki:mediawiki:1.46.0:rc0:*:*:*:*:*:*"]}]},"references":[{"type":"REPORT","url":"https://phabricator.wikimedia.org/T422085"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wikimedia/mediawiki","events":[{"introduced":"8216997ffcc956a610635f07044fb9a3b5dda9d9"},{"fixed":"50755a861e6e748cf8bac24e8cdd5e83db018081"},{"introduced":"858ee255edbe0da2ff8152df403cac2dba2c9948"},{"fixed":"a36f3bc851a8ae3377ee5602b7e2a355d59e7b0e"},{"introduced":"99b4a221a98c0ac1531c3f4e31248562833dbc82"},{"fixed":"ea7980d473268e0ef28c64328a1325f8f4e414b6"}],"database_specific":{"extracted_events":[{"introduced":"1.43.0"},{"fixed":"1.43.9"},{"introduced":"1.44.0"},{"fixed":"1.44.6"},{"introduced":"1.45.0"},{"fixed":"1.45.4"}],"source":"CPE_RANGE","cpe":"cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*"}}],"versions":["1.43.8","1.44.5","1.45.3","1.45.2","1.44.4","1.43.7","1.45.1","1.44.3","1.43.6","1.45.0","1.43.5","1.44.2","1.43.4","1.44.0","1.43.3","1.43.2","1.43.1","1.43.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-58024.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}]}