1. Ubuntu Security Notices
  2. USN-8315-1

USN-8315-1: MediaWiki vulnerabilities

Publication date

27 May 2026

Overview

MediaWiki could be made to expose sensitive information over the network.

Releases

Packages

  • mediawiki - The collaborative editing software that runs Wikipedia.

Details

It was discovered that MediaWiki incorrectly handled group membership
visibility in the OATHAuth extension. An authenticated attacker could
use this issue to determine if other users had two-factor authentication
enabled. (CVE-2026-34087)

It was discovered that MediaWiki incorrectly handled suppressed log entry
titles in the RecentChanges list. An unauthenticated attacker could use
this issue to view titles of deleted or suppressed pages that should be hidden.
(CVE-2026-34088)

It was discovered that MediaWiki incorrectly handled resource loading timing
information. An attacker could use this issue to determine if certain pages
existed on a wiki. (CVE-2026-34092)

It was discovered that MediaWiki incorrectly handled group membership
visibility in the OATHAuth extension. An authenticated attacker could
use this issue to determine if other users had two-factor authentication
enabled. (CVE-2026-34087)

It was discovered that MediaWiki incorrectly handled suppressed log entry
titles in the RecentChanges list. An unauthenticated attacker could use
this issue to view titles of deleted or suppressed pages that should be hidden.
(CVE-2026-34088)

It was discovered that MediaWiki incorrectly handled resource loading timing
information. An attacker could use this issue to determine if certain pages
existed on a wiki. (CVE-2026-34092)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
24.04 LTS noble mediawiki –  1:1.39.7-1ubuntu0.1~esm1  
22.04 LTS jammy mediawiki –  1:1.35.6-1ubuntu0.1~esm1  
20.04 LTS focal mediawiki –  1:1.31.7-1ubuntu0.1~esm1  

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›