CVE-2026-0817 PUBLISHED

CampaignEvents API missing authorization exposes meeting and chat URLs

Assigner: wikimedia-foundation
Reserved: 09.01.2026 Published: 09.01.2026 Updated: 09.01.2026

Missing Authorization vulnerability in Wikimedia Foundation MediaWiki - CampaignEvents extension allows Privilege Abuse.This issue affects MediaWiki - CampaignEvents extension: 1.45, 1.44, 1.43, 1.39.

Product Status

Vendor	Wikimedia Foundation
Product	MediaWiki - CampaignEvents extension
Versions	Default: unaffected Version 1.45 is affected Version 1.44 is affected Version 1.43 is affected Version 1.39 is affected

References

https://phabricator.wikimedia.org/T410560
https://gerrit.wikimedia.org/r/q/I7ed0049691258c8bd2555e599b9b88490fbe3358

Problem Types

CWE-862 Missing Authorization CWE

Impacts

CAPEC-122 Privilege Abuse