Vulnerabilities ›

CVE-2026-34090

High

CWE-200 — Weakness Type

                    Published: May 11, 2026                      ·  Modified: May 18, 2026                      ·  Source: NVD                

CVSS v3

7.5

🔗 NVD Official

📄 Description (English)

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation CheckUser.

This issue affects CheckUser: from 1.45.0 before 1.45.2.

🤖 AI Executive Summary

CVE-2026-34090 is a sensitive information exposure vulnerability in Wikimedia Foundation's CheckUser extension versions 1.45.0 through 1.45.1. Unauthorized actors can access restricted user information that should only be available to administrators.

📄 Description (Arabic)

ثغرة في ملحق CheckUser من Wikimedia تسمح بكشف المعلومات الحساسة للمستخدمين غير المصرح لهم. تؤثر الثغرة على الإصدارات من 1.45.0 إلى 1.45.1 وتسمح بالوصول إلى بيانات يجب أن تكون مقيدة للمسؤولين فقط.

🤖 ملخص تنفيذي (AI)

This vulnerability allows unauthorized access to sensitive user data in CheckUser extension versions 1.45.0 to 1.45.1. The flaw exposes information that should be restricted to administrative personnel only.

🤖 AI Intelligence Analysis Analyzed: May 15, 2026 01:15

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

government telecom

🎯 MITRE ATT&CK Techniques

T1040 T1020 T1526

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Update CheckUser extension to version 1.45.2 or later immediately. Review access logs for unauthorized information access. Verify user permissions and audit administrative accounts for suspicious activity.

🔧 خطوات المعالجة (العربية)

قم بتحديث ملحق CheckUser إلى الإصدار 1.45.2 أو أحدث فوراً. راجع سجلات الوصول للكشف عن أي وصول غير مصرح. تحقق من صلاحيات المستخدمين وراجع حسابات المسؤولين للنشاط المريب.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1 5.2 6.1

🔵 SAMA CSF

AC-2 AC-3 AU-2

🟡 ISO 27001:2022

A.9.1.1 A.9.2.1 A.9.4.3

🔗 References & Sources 1

🔗

https://phabricator.wikimedia.org/T411366

c4f26cc8-17ff-4c99-b5e2-38fc1793eacc

Issue Tracking Patch

📦 Affected Products / CPE 1 entries

mediawiki:checkuser

📊 CVSS Score

7.5

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityN — None / Network

AvailabilityN — None / Network

📋 Quick Facts

Severity High

CVSS Score7.5

CWECWE-200

EPSS0.04%

Exploit No

Patch ✓ Yes

Published 2026-05-11

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

patch-available CWE-200

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-34090

Introduce Yourself

Sign In Required