CVE-2026-5762 · CVSS 7.5 · EXPLOITED · PATCHED
wikimedia foundation · mediawiki - reportincident extension

ReportIncident DiscussionTools integration causes slow requests

Description

Allocation of resources without limits or throttling vulnerability in Wikimedia Foundation MediaWiki - ReportIncident Extension allows HTTP DoS. This issue was remediated only on the `master` branch.

Affected Products

Vendor | Product | Versions
wikimedia foundation | mediawiki - reportincident extension | 0, 1.43, 1.44, 1.45

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor | Product | Source | Confidence
open source | mediawiki | cert_advisory | 90%

References

  • https://phabricator.wikimedia.org/T414582
  • https://gerrit.wikimedia.org/r/c/mediawiki/extensions/ReportIncident/+/1226884

Related News (2 articles)

Tier B · BSI Advisories · 4h ago
[NEW] [high] MediaWiki extensions: Multiple vulnerabilities allow cross-site scripting
→ No new info (linked only)

Tier C · VulDB · 2d ago
CVE-2026-5762 | Wikimedia Reportcident Extension 1.43.7/1.44.4/1.45.2 on MediaWiki allocation of resources
→ No new info (linked only)

CVSS 3.1: 7.5 NONE
CISA KEV: ❌ No
Actively exploited: ✅ Yes
Patch available: 1.43
CWE: CWE-770
Published: Apr 7, 2026
Last enriched: 2d ago (v2)
Trending Score: 58
Source articles: 2
Independent: 2
Info Completeness: 8/14
Missing: epss, kev, exploit, patch, iocs, mitre_attack

Related CVEs (5)

  • CVE-2026-39840 (HIGH, EXP): CSS injection in multiple Cargo display formats. Trending: 65
  • CVE-2026-39934 (NONE, EXP): Growth Experiments ReassignMenteesJob runs as an infinite loop. Trending: 60
  • CVE-2026-39839 (HIGH): Stored XSS through URLs in Cargo's map format. Trending: 46
  • CVE-2026-39837 (HIGH): Stored XSS through the dynamic table format in Cargo. Trending: 46
  • CVE-2026-39841 (HIGH): Stored XSS through list fields on Cargo's page values and Special:CargoTables. Trending: 46

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

  • CVE Published: Apr 7, 2026
  • Discovered by ZDM: Apr 7, 2026
  • Updated (severity, cvssEstimate, activelyExploited): Apr 7, 2026
  • Actively Exploited: Apr 8, 2026
  • Patch Available: Apr 8, 2026

Version History

v2
Last enriched 2d ago
v2 · Tier C · 2d ago

Updated severity to HIGH, added CVSS estimate of 7.5, and marked the vulnerability as actively exploited.

severity, cvssEstimate, activelyExploited
via VulDB

v1 · 2d ago

Initial creation