CVE-2026-0817

CVE-2026-0817: CampaignEvents API missing authorization exposes meeting and chat URLs

Vendor Wikimedia Foundation
Product MediaWiki - CampaignEvents extension
Weakness CWE-862 · Missing authorization
Published January 9, 2026
Last update January 9, 2026

CVSS base score

What the vulnerability does

01Description

Missing Authorization vulnerability in Wikimedia Foundation MediaWiki - CampaignEvents extension allows Privilege Abuse.This issue affects MediaWiki - CampaignEvents extension: 1.45, 1.44, 1.43, 1.39.

Key dates

02Disclosure timeline

January 9, 2026 CVE published
January 9, 2026 Record updated