CVE-2026-34092
Publication date 11 May 2026
Last updated 13 May 2026
Ubuntu priority
Description
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Skin/Skin.Php. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| mediawiki | 26.04 LTS resolute |
Fixed 1:1.43.8+dfsg-2
|
| 25.10 questing |
Vulnerable
|
|
| 24.04 LTS noble |
Fixed 1:1.39.7-1ubuntu0.1~esm1
|
|
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
Get expanded security coverage with Ubuntu Pro
Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.
Get Ubuntu Pro 30-day free trialReferences
Related Ubuntu Security Notices (USN)
- USN-8315-1
- MediaWiki vulnerabilities
- 27 May 2026
Other references
- https://www.cve.org/CVERecord?id=CVE-2026-34092
- https://phabricator.wikimedia.org/T384147
- https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1265652 (REL1_43)
- https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1265638 (master)
- https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/DIBLSBHISKX6NFRUFNOGZRVW42E7R2QP/