CVE-2026-34088: RecentChanges entries expose suppressed content via generated log page html
Published May 11, 2026
·Updated
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.
Affected Software
4 affected components
Wikimedia Foundation MediaWiki<1.43.7, <1.44.4, <1.45.2
MediaWiki MediaWiki<1.43.7
MediaWiki MediaWiki>=1.44.0<1.44.4
MediaWiki MediaWiki>=1.45.0<1.45.2
Event History
May 11, 2026
CVE Published
via MITRE·02:43 PM
Data Sourced
via MITRE·02:43 PM
DescriptionWeakness
Data Sourced
via NVD·04:17 PM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2026-34088?
CVE-2026-34088 is classified as a moderate severity vulnerability due to the risk of exposing sensitive information.
2
How do I fix CVE-2026-34088?
To mitigate CVE-2026-34088, upgrade your MediaWiki installation to version 1.43.7 or higher, 1.44.4 or higher, or 1.45.2 or higher.
3
What vulnerabilities does CVE-2026-34088 address?
CVE-2026-34088 addresses the exposure of suppressed content through the generated log page HTML in MediaWiki.
4
Who is affected by CVE-2026-34088?
CVE-2026-34088 affects all versions of MediaWiki prior to 1.43.7, 1.44.4, and 1.45.2.
5
Can CVE-2026-34088 lead to a data breach?
Yes, CVE-2026-34088 can potentially lead to a data breach by allowing unauthorized actors to access sensitive information.