What the vulnerability does
01Description
Missing Authorization vulnerability in Wikimedia Foundation Wikipedia Preview wikipedia-preview allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wikipedia Preview: from n/a through <= 1.15.0.
Explanation of Vulnerability in Simple Terms
02Summary
Wikipedia Preview versions up to 1.15.0 lack proper authorization checks, allowing unauthenticated attackers to modify or delete data over the network. No user interaction is required. The vulnerability affects data integrity and availability but not confidentiality. Update to a version newer than 1.15.0.
What an attacker can do
03Attacker Capabilities
Modify or delete data in Wikipedia Preview without authentication.
Potential impact on your site
04Site Impact
Unauthorized users can alter or remove content; data integrity cannot be guaranteed.
Conditions required to exploit
05Prerequisites
Network access to the affected Wikipedia Preview instance; no authentication required.
Key dates
06Disclosure timeline
October 22, 2025
CVE published
April 28, 2026
Record updated