Security Advisory

CVE-2026-39937

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-07 21:44:46
Last updated 2026-04-08 21:58:19
Assigner wikimedia-foundation
State PUBLISHED

Description

Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure. The issue has been remediated on the `master` branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1.45.