CVE-2026-22712 — MEDIUM (4.3)

Vulnerability Description

Improper Encoding or Escaping of Output due to magic word replacement in ParserAfterTidy vulnerability in The Wikimedia Foundation Mediawiki - ApprovedRevs Extension allows Input Data Manipulation.This issue affects Mediawiki - ApprovedRevs Extension: 1.45, 1.44, 1.43, 1.39.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Wikiworks	Approved Revs	1.39

Related Weaknesses (CWE)

CWE-116

References

https://gerrit.wikimedia.org/r/q/Iee1bf1cbc8a519899e7f9dde508856bd4e5a5d2aPatch
https://phabricator.wikimedia.org/T412068ExploitIssue Tracking
https://phabricator.wikimedia.org/T412068ExploitIssue Tracking

FAQ

What is CVE-2026-22712?

CVE-2026-22712 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Improper Encoding or Escaping of Output due to magic word replacement in ParserAfterTidy vulnerability in The Wikimedia Foundation Mediawiki - ApprovedRevs Extension allows Input Data Manipulation.Thi...

How severe is CVE-2026-22712?

CVE-2026-22712 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-22712?

Check the references section above for vendor advisories and patch information. Affected products include: Wikiworks Approved Revs.