UBUNTU-CVE-2026-34093

HIGH7.6

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Specials/SpecialUserRights.Php

Published May 11, 2026

Modified 3 days ago

Details

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Specials/SpecialUserRights.Php. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.

Affected Packages

mediawiki

Ubuntu 18.04 LTS

Affected versions:

1:1.27.3-11:1.27.4-11:1.27.4-21:1.27.4-3

mediawiki

Ubuntu 25.10

Affected versions:

1:1.43.1+dfsg-11:1.43.1+dfsg-21:1.43.3+dfsg-1

mediawiki

Ubuntu 26.04 LTS

Affected versions:

1:1.43.3+dfsg-11:1.43.5+dfsg-11:1.43.6+dfsg-21:1.43.8+dfsg-11:1.43.8+dfsg-2

mediawiki

Ubuntu Pro 20.04 LTS

Affected versions:

1:1.31.2-1ubuntu11:1.31.5-11:1.31.5-1ubuntu11:1.31.5-21:1.31.5-31:1.31.5-3ubuntu11:1.31.6-11:1.31.7-11:1.31.7-1ubuntu0.1~esm1

mediawiki

Ubuntu Pro 22.04 LTS

Affected versions:

1:1.35.3-11:1.35.4-11:1.35.5-11:1.35.5-1ubuntu11:1.35.5-1ubuntu21:1.35.5-1ubuntu31:1.35.6-11:1.35.6-1ubuntu0.1~esm1

mediawiki

Ubuntu Pro 24.04 LTS

Affected versions:

1:1.39.4-21:1.39.5-11:1.39.6-11:1.39.7-11:1.39.7-1ubuntu0.1~esm1

References

https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1265639

https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1265667

https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/DIBLSBHISKX6NFRUFNOGZRVW42E7R2QP/

https://phabricator.wikimedia.org/T414547

https://ubuntu.com/security/CVE-2026-34093

https://www.cve.org/CVERecord?id=CVE-2026-34093

CVSS Analysis

CVSS v4.0

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Attack Requirements

NoneAT:N

Privileges Required

LowPR:L

User Interaction

ActiveUI:A

Vulnerable System

Vuln. Confidentiality

LowVC:L

Vuln. Integrity

NoneVI:N

Vuln. Availability

NoneVA:N

Subsequent System

Subseq. Confidentiality

NoneSC:N

Subseq. Integrity

NoneSI:N

Subseq. Availability

NoneSA:N

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/R:A

Upstream

Ecosystems(6)

Ubuntu 18.04 LTS Ubuntu 25.10 Ubuntu 26.04 LTS Ubuntu Pro 20.04 LTS Ubuntu Pro 22.04 LTS

Timeline

PublishedMay 11, 2026

ModifiedMay 27, 2026

UBUNTU-CVE-2026-34093 | Mondoo Vulnerability Intelligence