Vulnerability Description
Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure. The issue has been remediated on the `master` branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1.45.
Related Weaknesses (CWE)
References
- https://gerrit.wikimedia.org/r/q/I0b72427fa329aee85841a2cb23dec3058edce85e
- https://phabricator.wikimedia.org/T418122
FAQ
What is CVE-2026-39937?
CVE-2026-39937 is a documented vulnerability. Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure. The issue has been remed...
How severe is CVE-2026-39937?
CVSS scoring is not yet available for CVE-2026-39937. Check NVD for updates.
Is there a patch for CVE-2026-39937?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.