Description
Wikipedia 12.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting oversized input through the search functionality. Attackers can paste a large buffer of repeated characters into the search bar to trigger an application crash.
Published: 2026-04-04
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

An oversized input submitted through the application’s search field causes the program to crash, resulting in a denial of service. The flaw is a missing authentication weakness, as attackers can trigger the crash without any credentials. By entering a large buffer of repeated characters into the search bar, an attacker can immediately bring the application down.

Affected Systems

The affected product is the Wikipedia application, specifically version 12.0. No other vulnerable versions are listed in the CNA data.

Risk and Exploitability

The CVSS score of 8.7 signals high severity, and the lack of a KEV listing implies no confirmed active exploitation. Attackers need only interact with the search interface; no special privileges or network access are required. Because the vulnerability causes a crash, it results in an immediate loss of availability for the affected instance. The EPSS score is unavailable, so the precise likelihood of exploitation cannot be quantified, but the high severity and absence of mitigation suggest that the risk remains substantial.

Generated by OpenCVE AI on April 5, 2026 at 00:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Wikipedia application to the latest available version, which removes the vulnerability.
  • If no update is available, avoid using the search feature or restrict access to it through user controls where possible.
  • Restart the application after a crash to restore functionality.
  • Check the vendor’s security advisories for further updates or workarounds.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 00:00:00 +0000

  Type: First Time appeared
  Values Removed: (none)
  Values Added: Wikipedia; Wikipedia wikipedia

  Type: Vendors & Products
  Values Removed: (none)
  Values Added: Wikipedia; Wikipedia wikipedia

Mon, 06 Apr 2026 20:00:00 +0000

  Type: Metrics
  Values Removed: (none)
  Values Added:
    ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sat, 04 Apr 2026 21:15:00 +0000

  Type: Description
  Values Removed: (none)
  Values Added: Wikipedia 12.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting oversized input through the search functionality. Attackers can paste a large buffer of repeated characters into the search bar to trigger an application crash.

  Type: Title
  Values Removed: (none)
  Values Added: Wikipedia 12.0 Denial of Service via Search

  Type: Weaknesses
  Values Removed: (none)
  Values Added: CWE-306

  Type: References
  Values Removed: (none)
  Values Added:

  Type: Metrics
  Values Removed: (none)
  Values Added:
    cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
    cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-06T18:02:53.895Z

Reserved: 2026-04-04T13:20:57.565Z

Link: CVE-2018-25246

Vulnrichment

Updated: 2026-04-06T17:59:30.679Z

NVD

Status : Deferred

Published: 2026-04-04T20:16:18.210

Modified: 2026-04-16T16:15:56.380

Link: CVE-2018-25246

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-06T21:57:30Z

Weaknesses