๐Ÿ” CVE Alert

CVE-2026-58520

UNKNOWN 0.0

UrlShortener defaults to ineffective validation open to third-party redirects

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

URL redirection to untrusted site ('open redirect') vulnerability in The Wikimedia Foundation Mediawiki - UrlShortener Extension allows Cross-Site Flashing. This issue affects Mediawiki - UrlShortener Extension: from * before 1.43.9, 1.44.6, 1.45.4.

CWE CWE-601
Vendor the wikimedia foundation
Product mediawiki - urlshortener extension
Published Jul 1, 2026
Last Updated Jul 1, 2026
Stay Ahead of the Next One

Get instant alerts for the wikimedia foundation mediawiki - urlshortener extension

Be the first to know when new unknown vulnerabilities affecting the wikimedia foundation mediawiki - urlshortener extension are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

The Wikimedia Foundation / Mediawiki - UrlShortener Extension
* < 1.43.9, 1.44.6, 1.45.4

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
phabricator.wikimedia.org: https://phabricator.wikimedia.org/T418431 gerrit.wikimedia.org: https://gerrit.wikimedia.org/r/q/I7a59cc4c351b5aa47ed46f7a14a1105fd1ecc5b5

Credits

Krinkle DAlangi_WMF