{"id":"CVE-2026-58025","details":"Deserialization of untrusted data vulnerability in Wikimedia Foundation MediaWiki.\n\n This vulnerability is associated with program files includes/Import/WikiImporter.Php, includes/Import/WikiRevision.Php, includes/Logging/LogEntryBase.Php.\n\n\n\nThis issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.","modified":"2026-07-11T04:04:10.954646819Z","published":"2026-07-01T16:16:49.703Z","database_specific":{"unresolved_ranges":[{"extracted_events":[{"introduced":"1.46.0-rc0"},{"last_affected":"1.46.0-rc0"}],"source":"CPE_STRING","vendor_product":"mediawiki:mediawiki","cpes":["cpe:2.3:a:mediawiki:mediawiki:1.46.0:rc0:*:*:*:*:*:*"]}]},"references":[{"type":"REPORT","url":"https://phabricator.wikimedia.org/T422244"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wikimedia/mediawiki","events":[{"introduced":"8216997ffcc956a610635f07044fb9a3b5dda9d9"},{"fixed":"50755a861e6e748cf8bac24e8cdd5e83db018081"},{"introduced":"858ee255edbe0da2ff8152df403cac2dba2c9948"},{"fixed":"a36f3bc851a8ae3377ee5602b7e2a355d59e7b0e"},{"introduced":"99b4a221a98c0ac1531c3f4e31248562833dbc82"},{"fixed":"ea7980d473268e0ef28c64328a1325f8f4e414b6"}],"database_specific":{"cpe":"cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"1.43.0"},{"fixed":"1.43.9"},{"introduced":"1.44.0"},{"fixed":"1.44.6"},{"introduced":"1.45.0"},{"fixed":"1.45.4"}],"source":"CPE_RANGE"}}],"versions":["1.43.8","1.44.5","1.45.3","1.45.2","1.44.4","1.43.7","1.45.1","1.44.3","1.43.6","1.45.0","1.43.5","1.44.2","1.43.4","1.44.0","1.43.3","1.43.2","1.43.1","1.43.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-58025.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}