Home / mailings [USN-8315-1] MediaWiki vulnerabilities
Posted on 27 May 2026
Ubuntu Security==========================================================================Ubuntu Security Notice USN-8315-1
May 27, 2026
mediawiki vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
MediaWiki could be made to expose sensitive information over the
network.
Software Description:
- mediawiki: The collaborative editing software that runs Wikipedia.
Details:
It was discovered that MediaWiki incorrectly handled group membership
visibility in the OATHAuth extension. An authenticated attacker could
use this issue to determine if other users had two-factor authentication
enabled. (CVE-2026-34087)
It was discovered that MediaWiki incorrectly handled suppressed log entry
titles in the RecentChanges list. An unauthenticated attacker could use
this issue to view titles of deleted or suppressed pages that should be hidden.
(CVE-2026-34088)
It was discovered that MediaWiki incorrectly handled resource loading timing
information. An attacker could use this issue to determine if certain pages
existed on a wiki. (CVE-2026-34092)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
mediawiki 1:1.39.7-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
mediawiki 1:1.35.6-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
mediawiki 1:1.31.7-1ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8315-1
CVE-2026-34087, CVE-2026-34088, CVE-2026-34092
--===============3873806099803461235==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
