HIGHCVE-2026-0669Published 2026-01-07Modified 2026-01-07CNA wikimedia-foundation

CVE-2026-0669: Path Traversal vulnerability in CSS extension on certain web servers

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wikimedia Foundation MediaWiki - CSS extension allows Path Traversal.This issue affects MediaWiki - CSS extension: 1.44, 1.43, 1.39.

CVSS v3.1: 7.5
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

Wikimedia Foundation / MediaWiki - CSS extension
1.44 · 1.43 · 1.39

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

phabricator.wikimedia.org
gerrit.wikimedia.org

Metrics