CVE-2026-0668

MEDIUM

MediaWiki - VisualData Extension <1.45 - RCE

Title source: llm

Description

Inefficient Regular Expression Complexity vulnerability in Wikimedia Foundation MediaWiki - VisualData Extension allows Regular Expression Exponential Blowup.This issue affects MediaWiki - VisualData Extension: 1.45.

References (5)

[Various Sources] https://gerrit.wikimedia.org/r/q/I4ff2737c9f0ba805267d1fc8296e7cff61241ee3

[Various Sources] https://gerrit.wikimedia.org/r/q/I893a9fca694a2613e29e149dea2d76d7f06063e5

[Various Sources] https://gerrit.wikimedia.org/r/q/Ie08d9a8ceb2c9a22a635cfc27964353f14072dbf

[Various Sources] https://gerrit.wikimedia.org/r/q/Ifbf9c2ade621226e14fe852f3217293772bf8bb8

[Issue Tracking] https://phabricator.wikimedia.org/T387008

Scores

CVSS v3 5.3

EPSS 0.0008

EPSS Percentile 22.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-1333

Status published

Products (1)

wikisphere/visualdata

Published Jan 07, 2026

Tracked Since Feb 18, 2026