MediaWiki 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには パス処理の欠陥、vendor risk csrf、vendor risk input validation, and vendor risk open redirect があり、vendor surface production workloads and vendor surface software deployment の利用場面で ファイル上書き、vendor impact unexpected behavior, and vendor impact data exposure などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2026-34095 | Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Actions/ActionEntryPoint.Php, includes/Request/FauxResponse.Php. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2. | c4f26cc8-17ff-4c99-b5e2-38fc1793eacc | 0.0 | 0.04% | 2026-05-11 | 2026-05-13 |
| CVE-2026-34094 | Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Page/Article.Php. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2. | c4f26cc8-17ff-4c99-b5e2-38fc1793eacc | 2.0 | 0.03% | 2026-05-11 | 2026-05-18 |
| CVE-2026-34093 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Specials/SpecialUserRights.Php. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2. | c4f26cc8-17ff-4c99-b5e2-38fc1793eacc | 1.1 | 0.04% | 2026-05-11 | 2026-05-18 |
| CVE-2026-34092 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Skin/Skin.Php. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2. | c4f26cc8-17ff-4c99-b5e2-38fc1793eacc | 2.1 | 0.04% | 2026-05-11 | 2026-05-14 |
| CVE-2026-34091 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2. | c4f26cc8-17ff-4c99-b5e2-38fc1793eacc | 5.5 | 0.05% | 2026-05-11 | 2026-05-14 |
| CVE-2026-34090 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation CheckUser. This issue affects CheckUser: from 1.45.0 before 1.45.2. | c4f26cc8-17ff-4c99-b5e2-38fc1793eacc | 4.8 | 0.04% | 2026-05-11 | 2026-05-14 |
| CVE-2026-34088 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2. | c4f26cc8-17ff-4c99-b5e2-38fc1793eacc | 1.3 | 0.04% | 2026-05-11 | 2026-05-14 |
| CVE-2026-34087 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation OATHAuth. This issue affects OATHAuth: from * before 1.43.7, 1.44.4, 1.45.2. | c4f26cc8-17ff-4c99-b5e2-38fc1793eacc | 5.1 | 0.04% | 2026-05-11 | 2026-05-14 |
| CVE-2026-39841 | Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7. | c4f26cc8-17ff-4c99-b5e2-38fc1793eacc | 6.3 | 0.03% | 2026-04-07 | 2026-04-15 |
| CVE-2026-39840 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows XSS Targeting Non-Script Elements.This issue affects Mediawiki - Cargo Extension: before 3.8.7. | c4f26cc8-17ff-4c99-b5e2-38fc1793eacc | 5.1 | 0.03% | 2026-04-07 | 2026-04-15 |
| CVE-2026-39839 | Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7. | c4f26cc8-17ff-4c99-b5e2-38fc1793eacc | 6.3 | 0.04% | 2026-04-07 | 2026-04-15 |
| CVE-2026-39837 | Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in WikiWorks Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7. | c4f26cc8-17ff-4c99-b5e2-38fc1793eacc | 6.3 | 0.03% | 2026-04-07 | 2026-04-15 |
| CVE-2025-67484 | Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiFormatXml.Php. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1. | c4f26cc8-17ff-4c99-b5e2-38fc1793eacc | 0.0 | 0.02% | 2026-02-03 | 2026-04-14 |
| CVE-2025-67483 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Page.Preview.Js. This issue affects MediaWiki: from * before 1.43.6, 1.44.3, 1.45.1. | c4f26cc8-17ff-4c99-b5e2-38fc1793eacc | 0.0 | 0.02% | 2026-02-03 | 2026-04-09 |
| CVE-2025-67481 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.JqueryMsg/mediawiki.JqueryMsg.Js. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1. | c4f26cc8-17ff-4c99-b5e2-38fc1793eacc | 0.0 | 0.02% | 2026-02-03 | 2026-04-09 |
| CVE-2025-67480 | Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryRevisionsBase.Php. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1. | c4f26cc8-17ff-4c99-b5e2-38fc1793eacc | 0.0 | 0.07% | 2026-02-03 | 2026-04-14 |
| CVE-2025-67478 | Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files includes/Mail/UserMailer.Php. This issue affects CheckUser: from * before 1.39.14, 1.43.4, 1.44.1. | c4f26cc8-17ff-4c99-b5e2-38fc1793eacc | 0.0 | 0.02% | 2026-02-03 | 2026-04-14 |
| CVE-2025-67477 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js. This issue affects MediaWiki: from * before 1.44.3, 1.45.1. | c4f26cc8-17ff-4c99-b5e2-38fc1793eacc | 0.0 | 0.02% | 2026-02-03 | 2026-04-09 |
| CVE-2025-67476 | Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/ImportableOldRevisionImporter.Php. This issue affects MediaWiki: from * before 1.44.3, 1.45.1. | c4f26cc8-17ff-4c99-b5e2-38fc1793eacc | 1.3 | 0.04% | 2026-02-03 | 2026-04-14 |
| CVE-2025-67475 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/CommentFormatter/CommentParser.Php. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1. | c4f26cc8-17ff-4c99-b5e2-38fc1793eacc | 0.0 | 0.02% | 2026-02-03 | 2026-04-09 |