What the vulnerability does
01Description
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation CheckUser. This issue affects CheckUser: from 1.45.0 before 1.45.2.
CVE-2026-34090
MEDIUM
CVE-2026-34090: Suggested investigations: Handle suppressed usernames
CVSS base score
4.8/10
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/R:U
Key dates
02Disclosure timeline
May 11, 2026
CVE published
May 11, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2022-30740
CVE-2021-29483 wikiconfig API leaked private config variables set through ManageWiki
CVE-2025-12525 Locker Content <= 1.0.0 - Unauthenticated Information Exposure
CVE-2020-9733 Sensitive information disclosure possible in AEM
CVE-2019-11294 CAPI leaks service broker URLs and GUIDs to space developers
