CVE-2026-34087
Publication date 11 May 2026
Last updated 13 May 2026
Ubuntu priority
Description
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation OATHAuth. This issue affects OATHAuth: from * before 1.43.7, 1.44.4, 1.45.2.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| mediawiki | 26.04 LTS resolute |
Needs evaluation
|
| 25.10 questing |
Needs evaluation
|
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
References
Other references
- https://www.cve.org/CVERecord?id=CVE-2026-34087
- https://phabricator.wikimedia.org/T412061
- https://gerrit.wikimedia.org/r/c/mediawiki/extensions/OATHAuth/+/1265614 (REL1_43)
- https://gerrit.wikimedia.org/r/c/mediawiki/extensions/OATHAuth/+/1265610 (master)
- https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/DIBLSBHISKX6NFRUFNOGZRVW42E7R2QP/