CVE-2026-5762

MEDIUM

ReportIncident DiscussionTools integration causes slow requests

Title source: cna

Description

Allocation of resources without limits or throttling vulnerability in Wikimedia Foundation MediaWiki - ReportIncident Extension allows HTTP DoS. This issue was remediated only on the `master` branch.

References (3)

https://phabricator.wikimedia.org/T411394

https://gerrit.wikimedia.org/r/c/mediawiki/extensions/ReportIncident/+/1226884

https://phabricator.wikimedia.org/T414582

Scores

CVSS v4 5.3

EPSS 0.0005

EPSS Percentile 14.2%

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-770

Status published

Products (7)

Wikimedia Foundation/MediaWiki - ReportIncident Extension < 1.43

Wikimedia Foundation/MediaWiki - ReportIncident Extension 1.43

Wikimedia Foundation/MediaWiki - ReportIncident Extension 1.43.7

Wikimedia Foundation/MediaWiki - ReportIncident Extension 1.44

Wikimedia Foundation/MediaWiki - ReportIncident Extension 1.44.4

Wikimedia Foundation/MediaWiki - ReportIncident Extension 1.45

Wikimedia Foundation/MediaWiki - ReportIncident Extension 1.45.2

Published Apr 07, 2026

Tracked Since Apr 08, 2026