CVE-2026-22712

Improper Encoding or Escaping of Outputdue to magic word replacement in ParserAfterTidy vulnerability in The Wikimedia Foundation Mediawiki - ApprovedRevs Extension allows Input Data Manipulation.This issue affects Mediawiki - ApprovedRevs Extension: 1.45, 1.44, 1.43, 1.39.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
wikimedia-foundationCNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://gerrit.wikimedia.org/r/q/Iee1bf1cbc8a519899e7f9dde508856bd4e5a5d2a
https://phabricator.wikimedia.org/T412068
https://phabricator.wikimedia.org/T412068