{"id":"CVE-2026-58520","details":"URL redirection to untrusted site ('open redirect') vulnerability in The Wikimedia Foundation Mediawiki - UrlShortener Extension allows Cross-Site Flashing.\n\nThis issue affects Mediawiki - UrlShortener Extension: from * before 1.43.9, 1.44.6, 1.45.4.","modified":"2026-07-15T07:30:16.034542Z","published":"2026-07-01T18:16:35.983Z","references":[{"type":"REPORT","url":"https://gerrit.wikimedia.org/r/q/I7a59cc4c351b5aa47ed46f7a14a1105fd1ecc5b5"},{"type":"REPORT","url":"https://phabricator.wikimedia.org/T418431"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wikimedia/mediawiki","events":[{"introduced":"8216997ffcc956a610635f07044fb9a3b5dda9d9"},{"fixed":"50755a861e6e748cf8bac24e8cdd5e83db018081"},{"introduced":"858ee255edbe0da2ff8152df403cac2dba2c9948"},{"fixed":"a36f3bc851a8ae3377ee5602b7e2a355d59e7b0e"},{"introduced":"99b4a221a98c0ac1531c3f4e31248562833dbc82"},{"fixed":"ea7980d473268e0ef28c64328a1325f8f4e414b6"}],"database_specific":{"source":"CPE_RANGE","cpe":"cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"1.43.0"},{"fixed":"1.43.9"},{"introduced":"1.44.0"},{"fixed":"1.44.6"},{"introduced":"1.45.0"},{"fixed":"1.45.4"}]}}],"versions":["1.43.8","1.44.5","1.45.3","1.45.2","1.44.4","1.43.7","1.45.1","1.44.3","1.43.6","1.45.0","1.43.5","1.44.2","1.43.4","1.44.0","1.43.3","1.43.2","1.43.1","1.43.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-58520.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}