CVE-2026-58518

MEDIUM

THE Wikimedia Foundation Mediawiki - RedirectManager Extension < 1.3.3 - Cross-Site Request Forgery (CSRF)

Title source: rule
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-58518. PoCs published by HermesNA-1.

AI-analyzed exploit summary This repository contains an auto-generated stub module for CVE-2026-58518, a Cross-Site Request Forgery (CSRF) vulnerability in the MediaWiki RedirectManager extension. The code includes placeholder logic for target probing but lacks actual exploit implementation or technical details about the CSRF mechanism.

Description

Cross-Site request forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - RedirectManager Extension allows Cross Site Request Forgery. This issue affects Mediawiki - RedirectManager Extension: from * before 1.3.3.

Exploits (1)

github STUB 1 stars
by HermesNA-1 · pythonpoc
https://github.com/HermesNA-1/SnakeSploit/tree/main/data/modules_generated/cve-2026-58518_cross-site_request_forgery.py

This repository contains an auto-generated stub module for CVE-2026-58518, a Cross-Site Request Forgery (CSRF) vulnerability in the MediaWiki RedirectManager extension. The code includes placeholder logic for target probing but lacks actual exploit implementation or technical details about the CSRF mechanism.

Classification
Stub 99%
Attack Type
Other
Complexity
Moderate
Reliability
Theoretical
Target: MediaWiki RedirectManager Extension (The Wikimedia Foundation)
No auth needed
Prerequisites: Target must have the vulnerable RedirectManager extension installed · Attacker must trick a logged-in user into visiting a malicious page
mistral-large-3 · analyzed Jul 09, 2026 Full analysis →

Scores

CVSS v3 6.3
EPSS 0.0009
EPSS Percentile 0.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-352
Status published
Products (2)
mediawiki/mediawiki < 1.3.3
The Wikimedia Foundation/Mediawiki - RedirectManager Extension < 1.3.3
Published Jul 01, 2026
Tracked Since Jul 01, 2026