CVE-2026-34087
Users API leaks whether privileged users have their user groups disabled for lack of 2FA
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation OATHAuth.
This issue affects OATHAuth: from * before 1.43.7, 1.44.4, 1.45.2.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/S:N/AU:Y/R:A/RE:M
Produtos afetados
Wikimedia Foundation · OATHAuthQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://phabricator.wikimedia.org/T412061