CVE-2026-0668

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-0668
Inefficient Regular Expression Complexity vulnerability in Wikimedia Foundation MediaWiki - VisualData Extension allows Regular Expression Exponential Blowup.This issue affects MediaWiki - VisualData Extension: 1.45.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://gerrit.wikimedia.org/r/q/I4ff2737c9f0ba805267d1fc8296e7cff61241ee3 Patch
https://gerrit.wikimedia.org/r/q/I893a9fca694a2613e29e149dea2d76d7f06063e5 Patch
https://gerrit.wikimedia.org/r/q/Ie08d9a8ceb2c9a22a635cfc27964353f14072dbf Patch
https://gerrit.wikimedia.org/r/q/Ifbf9c2ade621226e14fe852f3217293772bf8bb8 Patch
https://phabricator.wikimedia.org/T387008 Exploit Issue Tracking
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:wikisphere:visualdata:-:*:*:*:*:mediawiki:*:*
cpe:2.3:a:mediawiki:mediawiki:1.45.0:*:*:*:*:*:*:*
History

24 Feb 2026, 18:32

Type Values Removed Values Added
References () https://gerrit.wikimedia.org/r/q/I4ff2737c9f0ba805267d1fc8296e7cff61241ee3 - () https://gerrit.wikimedia.org/r/q/I4ff2737c9f0ba805267d1fc8296e7cff61241ee3 - Patch
References () https://gerrit.wikimedia.org/r/q/I893a9fca694a2613e29e149dea2d76d7f06063e5 - () https://gerrit.wikimedia.org/r/q/I893a9fca694a2613e29e149dea2d76d7f06063e5 - Patch
References () https://gerrit.wikimedia.org/r/q/Ie08d9a8ceb2c9a22a635cfc27964353f14072dbf - () https://gerrit.wikimedia.org/r/q/Ie08d9a8ceb2c9a22a635cfc27964353f14072dbf - Patch
References () https://gerrit.wikimedia.org/r/q/Ifbf9c2ade621226e14fe852f3217293772bf8bb8 - () https://gerrit.wikimedia.org/r/q/Ifbf9c2ade621226e14fe852f3217293772bf8bb8 - Patch
References () https://phabricator.wikimedia.org/T387008 - () https://phabricator.wikimedia.org/T387008 - Exploit, Issue Tracking
First Time Wikisphere
Mediawiki
Wikisphere visualdata
Mediawiki mediawiki
CPE cpe:2.3:a:wikisphere:visualdata:-:*:*:*:*:mediawiki:*:*
cpe:2.3:a:mediawiki:mediawiki:1.45.0:*:*:*:*:*:*:*

07 Jan 2026, 21:16

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.3

07 Jan 2026, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2026-01-07 18:15

Updated : 2026-02-24 18:32

NVD link : CVE-2026-0668

Mitre link : CVE-2026-0668

CVE.ORG link : CVE-2026-0668

JSON object : View

Products Affected

mediawiki

  • mediawiki

wikisphere

  • visualdata
CWE
CWE-1333

Inefficient Regular Expression Complexity