CVE-2026-58520
UrlShortener defaults to ineffective validation open to third-party redirects
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
URL redirection to untrusted site ('open redirect') vulnerability in The Wikimedia Foundation Mediawiki - UrlShortener Extension allows Cross-Site Flashing. This issue affects Mediawiki - UrlShortener Extension: from * before 1.43.9, 1.44.6, 1.45.4.
| CWE | CWE-601 |
| Vendor | the wikimedia foundation |
| Product | mediawiki - urlshortener extension |
| Published | Jul 1, 2026 |
| Last Updated | Jul 1, 2026 |
Stay Ahead of the Next One
Get instant alerts for the wikimedia foundation mediawiki - urlshortener extension
Be the first to know when new unknown vulnerabilities affecting the wikimedia foundation mediawiki - urlshortener extension are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
The Wikimedia Foundation / Mediawiki - UrlShortener Extension
* < 1.43.9, 1.44.6, 1.45.4
References
Credits
Krinkle DAlangi_WMF