MediaWiki vulnerabilities
Summary
It was discovered that MediaWiki incorrectly handled group membership visibility in the OATHAuth extension. An authenticated attacker could use this issue to determine if other users had two-factor authentication enabled. (CVE-2026-34087) It was discovered that MediaWiki incorrectly handled suppressed log entry titles in the RecentChanges list. An unauthenticated attacker could use this issue to view titles of deleted or suppressed pages that should be hidden. (CVE-2026-34088) It was discovered that MediaWiki incorrectly handled resource loading timing information. An attacker could use this issue to determine if certain pages existed on a wiki. (CVE-2026-34092) Affected Ubuntu releases: 24.04, 22.04, 20.04. CVEs: CVE-2026-34092, CVE-2026-34088, CVE-2026-34087.
- Ubuntu 24.04
- Ubuntu 22.04
- Ubuntu 20.04
Official advisory · medium-confidence parse· fetched 3 hours ago·verify at source
Mitigation checklist
- Apply available updates: `sudo apt update && sudo apt upgrade` (a standard system update installs the fix).
Official advisory · medium-confidence parse· fetched 3 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.