CVE-2026-0668

5.3 MEDIUM

📋 TL;DR

This CVE describes an Inefficient Regular Expression Complexity vulnerability (Regular Expression Exponential Blowup) in the MediaWiki VisualData Extension. It allows attackers to cause denial of service by crafting malicious input that triggers catastrophic backtracking in regular expressions. This affects MediaWiki installations using VisualData Extension version 1.45.

💻 Affected Systems

Products:
  • MediaWiki VisualData Extension
Versions: 1.45
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects MediaWiki installations with VisualData Extension enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service unavailability due to resource exhaustion (CPU/memory), leading to denial of service for all users.

🟠 Likely Case

Degraded performance or temporary service disruption affecting users who access pages served by the vulnerable VisualData Extension.

🟢 If Mitigated

Minimal impact with proper input validation and resource limits in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Attack requires sending specially crafted input to endpoints using the vulnerable VisualData Extension.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check provided gerrit links for specific commit fixes

Vendor Advisory: https://phabricator.wikimedia.org/T387008

Restart Required: No

Instructions:

1. Review the provided gerrit links for the specific fixes.
2. Apply the patches to the VisualData Extension code.
3. Update to the patched version of the VisualData Extension.

🔧 Temporary Workarounds

Disable VisualData Extension (platforms: all)

Temporarily disable the vulnerable VisualData Extension until it is patched: edit LocalSettings.php and remove or comment out the line that loads the extension (its wfLoadExtension call).

Implement Input Validation (platforms: all)

Add input validation and length limits to the endpoints that use the VisualData Extension, so that oversized or malformed input is rejected before it reaches the affected regular expressions.

🧯 If You Can't Patch

  • Implement WAF rules to block suspicious regex patterns or large inputs
  • Monitor server resources and implement rate limiting on affected endpoints

🔍 How to Verify

Check if Vulnerable:

Check whether VisualData Extension version 1.45 is installed and enabled in MediaWiki.

Check Version:

Check the VisualData Extension's extension.json file in the MediaWiki extensions directory for its version number; Special:Version on the wiki also lists installed extensions and their versions.

Verify Fix Applied:

Verify that the VisualData Extension has been updated with the patches from the provided gerrit links.

📡 Detection & Monitoring

Log Indicators:

  • High CPU/memory usage spikes
  • Slow response times from VisualData endpoints
  • Error logs showing regex timeouts

Network Indicators:

  • Unusually large POST requests to VisualData endpoints
  • Repeated requests to same VisualData endpoints

SIEM Query:

(source="apache" OR source="nginx") AND (uri="*VisualData*" OR uri="*visualdata*") AND (response_time > 5000 OR status=500)

Keep the two source terms in parentheses: in Splunk-style search syntax AND binds tighter than OR, so without them the query would match every Apache event regardless of URI or response time. The response_time threshold assumes milliseconds; adjust it if your web server logs request time in seconds.
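The SIEM query's criteria applied offline to web-server access logs, as an added example that is not part of this advisory. It assumes nginx combined-format lines with the request time appended in seconds, and the VisualData request paths in the constructed sample are assumed, since the advisory does not name the extension's endpoints.

```python
import re
from collections import Counter

# Constructed sample lines: nginx "combined" format with $request_time (seconds)
# appended. IPs are documentation ranges; the VisualData URIs are assumed, since
# the advisory does not name the extension's endpoints.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Feb/2026:12:00:01 +0000] "POST /w/api.php?action=visualdata HTTP/1.1" 200 512 "-" "curl/8.0" 0.021
203.0.113.5 - - [10/Feb/2026:12:00:02 +0000] "POST /w/api.php?action=visualdata HTTP/1.1" 200 512 "-" "curl/8.0" 7.430
203.0.113.5 - - [10/Feb/2026:12:00:09 +0000] "POST /w/api.php?action=visualdata HTTP/1.1" 500 0 "-" "curl/8.0" 30.001
198.51.100.7 - - [10/Feb/2026:12:00:10 +0000] "GET /wiki/Main_Page HTTP/1.1" 200 2048 "-" "Mozilla/5.0" 9.800
198.51.100.7 - - [10/Feb/2026:12:00:11 +0000] "GET /wiki/Special:VisualData HTTP/1.1" 200 1024 "-" "Mozilla/5.0" 0.150
"""

# Anchored and free of nested quantifiers, so the parser itself cannot backtrack badly.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" (?P<rt>\d+\.\d+)$'
)

def parse_line(line):
    """Return one access-log line as a dict, or None if it does not match the format."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["rt_ms"] = round(float(rec["rt"]) * 1000)  # seconds -> milliseconds
    return rec

def flag_suspicious(log_text, slow_ms=5000):
    """Same criteria as the SIEM query: VisualData URI and (slow response or HTTP 500)."""
    hits = []
    for rec in map(parse_line, log_text.splitlines()):
        if rec and "visualdata" in rec["uri"].lower() and (rec["rt_ms"] > slow_ms or rec["status"] == 500):
            hits.append(rec)
    return hits

def repeat_offenders(log_text, threshold=3):
    """Network indicator: one client hitting the same VisualData URI at least `threshold` times."""
    counts = Counter()
    for rec in map(parse_line, log_text.splitlines()):
        if rec and "visualdata" in rec["uri"].lower():
            counts[(rec["ip"], rec["uri"])] += 1
    return [(ip, uri, n) for (ip, uri), n in counts.items() if n >= threshold]
```

On the sample, flag_suspicious returns the 7.4 s request and the HTTP 500, while the slow Main_Page request is left alone because it does not touch a VisualData URI.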
