CVE-2026-0669 | THREATINT

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wikimedia Foundation MediaWiki - CSS extension allows Path Traversal.This issue affects MediaWiki - CSS extension: 1.44, 1.43, 1.39.

PUBLISHED Reserved 2026-01-07 | Published 2026-01-07 | Updated 2026-01-07 | Assigner wikimedia-foundation

Problem types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status

unaffected

1.44

affected

1.43

affected

1.39

affected

Credits

Radman Siddiki finder

References

phabricator.wikimedia.org/T401526

gerrit.wikimedia.org/...f3f2e5a341868568492a736ac3dbf706c22e

cve.org (CVE-2026-0669)

nvd.nist.gov (CVE-2026-0669)

Download JSON