πŸ” CVE Alert

CVE-2026-39937

UNKNOWN 0.0

Global vanishing does not completely remove user email

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
13th

Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure.Β The issue has been remediated on the `master` branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1.45.

CWE CWE-212
Vendor the wikimedia foundation
Product mediawiki - centralauth extension
Published Apr 7, 2026
Last Updated Apr 8, 2026
Stay Ahead of the Next One

Get instant alerts for the wikimedia foundation mediawiki - centralauth extension

Be the first to know when new unknown vulnerabilities affecting the wikimedia foundation mediawiki - centralauth extension are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

Affected Versions

The Wikimedia Foundation / Mediawiki - CentralAuth Extension
0 < 1.43

References

NVD β†— CVE.org β†— EPSS Data β†—
phabricator.wikimedia.org: https://phabricator.wikimedia.org/T418122 gerrit.wikimedia.org: https://gerrit.wikimedia.org/r/q/I0b72427fa329aee85841a2cb23dec3058edce85e

Credits

Urbanecm kostajh