Description

Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation MediaWiki - CentralAuth Extension allows Resource Leak Exposure. The issue has been remediated on the `master` branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1.45.

PUBLISHED Reserved 2026-04-07 | Published 2026-04-07 | Updated 2026-04-08 | Assigner wikimedia-foundation




HIGH: 8.8 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L

Problem types

CWE-212 Improper removal of sensitive information before storage or transfer

Product status

Default status: affected

1.43: unaffected
1.44: unaffected
1.45: unaffected
Any version before 1.43: affected

Credits

Urbanecm (finder)

kostajh (remediation developer)

References

phabricator.wikimedia.org/T418122

gerrit.wikimedia.org/...427fa329aee85841a2cb23dec3058edce85e

cve.org (CVE-2026-39937)

nvd.nist.gov (CVE-2026-39937)
