CVE-2026-58029
Full Account Takeover from BotPasswords and OAuth via action=changeauthenticationdata
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiChangeAuthenticationData.Php, includes/Api/ApiLinkAccount.Php, includes/Api/ApiRemoveAuthenticationData.Php, includes/Specials/SpecialLinkAccounts.Php, includes/Specials/SpecialUnlinkAccounts.Php. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
| Vendor | wikimedia foundation |
| Product | mediawiki |
| Published | Jul 1, 2026 |
| Last Updated | Jul 1, 2026 |
Stay Ahead of the Next One
Get instant alerts for wikimedia foundation mediawiki
Be the first to know when new unknown vulnerabilities affecting wikimedia foundation mediawiki are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Wikimedia Foundation / MediaWiki
* < 1.46.0, 1.45.4, 1.44.6, 1.43.9