Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wikimedia Foundation MediaWiki - CSS extension allows Path Traversal.This issue affects MediaWiki - CSS extension: 1.44, 1.43, 1.39.
References
| Link | Resource |
|---|---|
| https://gerrit.wikimedia.org/r/q/Ia15bf3f2e5a341868568492a736ac3dbf706c22e | Patch |
| https://phabricator.wikimedia.org/T401526 | Exploit Issue Tracking |
Configurations
Configuration 1 (hide)
| AND |
|
History
23 Feb 2026, 18:45
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://gerrit.wikimedia.org/r/q/Ia15bf3f2e5a341868568492a736ac3dbf706c22e - Patch | |
| References | () https://phabricator.wikimedia.org/T401526 - Exploit, Issue Tracking | |
| CPE | cpe:2.3:a:mediawiki:mediawiki:1.39.0:-:*:*:*:*:*:* cpe:2.3:a:mediawiki:mediawiki:1.44.0:*:*:*:*:*:*:* cpe:2.3:a:mediawiki:mediawiki:1.43.0:-:*:*:*:*:*:* cpe:2.3:a:css_project:css:-:*:*:*:*:mediawiki:*:* |
|
| First Time |
Mediawiki
Mediawiki mediawiki Css Project css Css Project |
07 Jan 2026, 21:16
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
07 Jan 2026, 18:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-01-07 18:15
Updated : 2026-02-23 18:45
NVD link : CVE-2026-0669
Mitre link : CVE-2026-0669
CVE.ORG link : CVE-2026-0669
JSON object : View
Products Affected
mediawiki
- mediawiki
css_project
- css
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')