Debian Mediawiki vulnerabilities

304 known vulnerabilities affecting debian/mediawiki.

Total CVEs

304

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL4HIGH47MEDIUM133LOW94UNKNOWN6

Vulnerabilities

Page 1 of 16

CVE-2026-34094LOWfixed in mediawiki 1:1.43.8+dfsg-1 (forky)2026

CVE-2026-34094 [LOW] CVE-2026-34094: mediawiki bookworm: resolved bullseye: resolved forky: resolved (fixed in 1:1.43.8+dfsg-1) sid: resolved (fixed in 1:1.43.8+dfsg-1) trixie: open

debian

CVE-2026-34091LOWfixed in mediawiki 1:1.43.8+dfsg-1 (forky)2026

CVE-2026-34091 [LOW] CVE-2026-34091: mediawiki bookworm: resolved bullseye: resolved forky: resolved (fixed in 1:1.43.8+dfsg-1) sid: resolved (fixed in 1:1.43.8+dfsg-1) trixie: open

debian

CVE-2026-34090LOW2026

CVE-2026-34090 [LOW] CVE-2026-34090: mediawiki bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

debian

CVE-2026-5266LOWfixed in mediawiki 1:1.43.8+dfsg-1 (forky)2026

CVE-2026-5266 [LOW] CVE-2026-5266: mediawiki bookworm: resolved bullseye: resolved forky: resolved (fixed in 1:1.43.8+dfsg-1) sid: resolved (fixed in 1:1.43.8+dfsg-1) trixie: open

debian

CVE-2026-34089LOW2026

CVE-2026-34089 [LOW] CVE-2026-34089: mediawiki bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

debian

CVE-2026-34095UNKNOWNfixed in mediawiki 1:1.43.8+dfsg-2 (sid)2026

CVE-2026-34095 CVE-2026-34095: mediawiki bookworm: open bullseye: open forky: open sid: resolved (fixed in 1:1.43.8+dfsg-2) trixie: open

debian

CVE-2026-34092UNKNOWNfixed in mediawiki 1:1.43.8+dfsg-1 (forky)2026

CVE-2026-34092 CVE-2026-34092: mediawiki bookworm: open bullseye: open forky: resolved (fixed in 1:1.43.8+dfsg-1) sid: resolved (fixed in 1:1.43.8+dfsg-1) trixie: open

debian

CVE-2026-34086UNKNOWNfixed in mediawiki 1:1.43.8+dfsg-1 (forky)2026

CVE-2026-34086 CVE-2026-34086: mediawiki bookworm: open bullseye: open forky: resolved (fixed in 1:1.43.8+dfsg-1) sid: resolved (fixed in 1:1.43.8+dfsg-1) trixie: open

debian

CVE-2026-34093UNKNOWNfixed in mediawiki 1:1.43.8+dfsg-1 (forky)2026

CVE-2026-34093 CVE-2026-34093: mediawiki bookworm: open bullseye: open forky: resolved (fixed in 1:1.43.8+dfsg-1) sid: resolved (fixed in 1:1.43.8+dfsg-1) trixie: open

debian

CVE-2026-34087UNKNOWNfixed in mediawiki 1:1.43.8+dfsg-1 (forky)2026

CVE-2026-34087 CVE-2026-34087: mediawiki bookworm: open bullseye: open forky: resolved (fixed in 1:1.43.8+dfsg-1) sid: resolved (fixed in 1:1.43.8+dfsg-1) trixie: open

debian

CVE-2026-34088UNKNOWNfixed in mediawiki 1:1.43.8+dfsg-1 (forky)2026

CVE-2026-34088 CVE-2026-34088: mediawiki bookworm: open bullseye: open forky: resolved (fixed in 1:1.43.8+dfsg-1) sid: resolved (fixed in 1:1.43.8+dfsg-1) trixie: open

debian

CVE-2025-6926HIGHCVSS 8.8fixed in mediawiki 1:1.39.13-1~deb12u1 (bookworm)2025

CVE-2025-6926 [HIGH] CVE-2025-6926: mediawiki - Improper Authentication vulnerability in Wikimedia Foundation Mediawiki - Centra... Improper Authentication vulnerability in Wikimedia Foundation Mediawiki - CentralAuth Extension allows : Bypass Authentication.This issue affects Mediawiki - CentralAuth Extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2. Scope: local bookworm: resolved (fixed in 1:1.39.13-1~deb12u1) bullseye: resolved (fixed in 1:1.35.13-1+d

debian

CVE-2025-32072MEDIUMCVSS 6.9fixed in mediawiki 1:1.39.13-1~deb12u1 (bookworm)2025

CVE-2025-32072 [MEDIUM] CVE-2025-32072: mediawiki - Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundatio... Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki Core - Feed Utils allows WebView Injection.This issue affects Mediawiki Core - Feed Utils: from 1.39 through 1.43. Scope: local bookworm: resolved (fixed in 1:1.39.13-1~deb12u1) bullseye: resolved (fixed in 1:1.35.13-1+deb11u4) forky: resolved (fixed in 1:1.43.1+dfsg-2) s

debian

CVE-2025-6590MEDIUMCVSS 4.6fixed in mediawiki 1:1.39.13-1~deb12u1 (bookworm)2025

CVE-2025-6590 [MEDIUM] CVE-2025-6590: mediawiki - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wiki... Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLUserTextField.Php. This issue affects MediaWiki: from * through 1.39.12, 1.42.76 1.43.1, 1.44.0. Scope: local bookworm: resolved (fixed in 1:1.39.13-1~deb12u1) bullseye: resolve

debian

CVE-2025-61643LOWCVSS 2.7fixed in mediawiki 1:1.39.17-1~deb12u1 (bookworm)2025

CVE-2025-61643 [LOW] CVE-2025-61643: mediawiki - Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associate... Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/recentchanges/RecentChangeRCFeedNotifier.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1. Scope: local bookworm: resolved (fixed in 1:1.39.17-1~deb12u1) bullseye: resolved (fixed in 1:1.35.13-1+deb11u5) forky: resolved (fixed in 1:1

debian

CVE-2025-61636LOWfixed in mediawiki 1:1.43.5+dfsg-1 (forky)2025

CVE-2025-61636 [NONE] CVE-2025-61636: mediawiki - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site ... Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLButtonField.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1. Scope: local bookworm: resolved bullseye: resolved forky:

debian

CVE-2025-61645LOW2025

CVE-2025-61645 [NONE] CVE-2025-61645: mediawiki - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site ... Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/pager/CodexTablePager.Php. This issue affects MediaWiki: from * before 1.44.1. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trix

debian

CVE-2025-61657LOWfixed in mediawiki 1:1.43.5+dfsg-1 (forky)2025

CVE-2025-61657 [NONE] CVE-2025-61657: mediawiki - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site ... Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/skins.Vector.Js/stickyHeader.Js. This issue affects Vector: from * before 1.43.4, 1.44.1. Scope: local bookworm: resolved bullseye: resolved forky: resolved (fixed in

debian

CVE-2025-61642LOWfixed in mediawiki 1:1.43.5+dfsg-1 (forky)2025

CVE-2025-61642 [NONE] CVE-2025-61642: mediawiki - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site ... Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/CodexHTMLForm.Php, includes/htmlform/fields/HTMLButtonField.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1. Scope: local bookworm

debian

CVE-2025-32699LOWCVSS 2.1fixed in mediawiki 1:1.39.12-1~deb12u1 (bookworm)2025

CVE-2025-32699 [LOW] CVE-2025-32699: mediawiki - Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid.Th... Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid.This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1; Parsoid: before 0.16.5, 0.19.2, 0.20.2. Scope: local bookworm: resolved (fixed in 1:1.39.12-1~deb12u1) bullseye: resolved (fixed in 1:1.35.13-1+deb11u4) forky: resolved (fixed in 1:1.43.1+dfsg-1) sid: resolved (fixed in 1:1.43.

debian

1 / 16Next →