๐Ÿ” CVE Alert

CVE-2026-58034

UNKNOWN 0.0

Stored XSS through a system message when blocking a temporary account that's related to other temporary accounts

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser.TempAccounts/components/blockConnectedTempAccountsField.Vue. This issue affects CheckUser: from 1.46.0-rc.0 before 1.46.0.

CWE CWE-79
Vendor wikimedia foundation
Product checkuser
Published Jul 1, 2026
Last Updated Jul 1, 2026
Stay Ahead of the Next One

Get instant alerts for wikimedia foundation checkuser

Be the first to know when new unknown vulnerabilities affecting wikimedia foundation checkuser are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Wikimedia Foundation / CheckUser
1.46.0-rc.0 < 1.46.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
phabricator.wikimedia.org: https://phabricator.wikimedia.org/T428820