Description
Loop with unreachable exit condition ('infinite loop') vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This issue was remediated only on the `master` branch.
Published: 2026-04-07
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is an infinite loop in the GrowthExperiments Extension of MediaWiki caused by an unreachable exit condition. The loop can run indefinitely, consuming system resources until the job is manually terminated. This uncontrolled execution can also be leveraged through Time‑of‑Check to Time‑of‑Use race conditions, allowing an adversary to exploit timing gaps during job processing. Such behavior can interrupt normal operation and potentially expose application state changes to unintended consumers.

Affected Systems

The affected product is the GrowthExperiments Extension maintained by the Wikimedia Foundation for MediaWiki. No specific release numbers are listed; the issue is present in all branches prior to the fix that was implemented only on the master branch.

Risk and Exploitability

The vulnerability scores a CVSS of 6.9, indicating moderate severity, and has an EPSS below 1%, meaning that exploitation probability is very low. It is not included in the CISA KEV catalog. The likely attack vector is through any user who can initiate the GrowthExperiments job via the MediaWiki interface or API, allowing the attacker to induce an infinite loop and possibly trigger timing-based side effects. While the theoretical impact could be service disruption or denial of service, real‑world exploitation would require the attacker to trigger the job and observe its effects, which is a low‑to‑moderate risk scenario for typical deployments.

Generated by OpenCVE AI on April 8, 2026 at 23:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the GrowthExperiments Extension to the most recent commit on the master branch that contains the infinite‑loop fix.
  • If an upgrade is not immediately possible, remove or disable the GrowthExperiments feature until the patch is applied.
  • Implement monitoring for prolonged worker processes and set timeouts or resource limits to prevent a single job from consuming excessive CPU or memory.
  • Verify that the hosting environment has up‑to‑date security patches and that MediaWiki core is current to reduce overall attack surface.

Generated by OpenCVE AI on April 8, 2026 at 23:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 09 Apr 2026 08:30:00 +0000

Type Values Removed Values Added
First Time appeared Wikimedia
Wikimedia mediawiki-growthexperiments Extension
Vendors & Products Wikimedia
Wikimedia mediawiki-growthexperiments Extension

Wed, 08 Apr 2026 22:30:00 +0000

Type Values Removed Values Added
Description Loop with unreachable exit condition ('infinite loop') vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions.This issue affects Mediawiki - GrowthExperiments Extension: 1.45.2, 1.44.4, 1.43.7. Loop with unreachable exit condition ('infinite loop') vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This issue was remediated only on the `master` branch.

Wed, 08 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 07 Apr 2026 22:15:00 +0000

Type Values Removed Values Added
Description Loop with unreachable exit condition ('infinite loop') vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions.This issue affects Mediawiki - GrowthExperiments Extension: 1.45.2, 1.44.4, 1.43.7.
Title Growth Experiments ReassignMenteesJob runs as an infinite loop
Weaknesses CWE-835
References
Metrics cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L'}

Subscriptions

Wikimedia Mediawiki-growthexperiments Extension
cve-icon MITRE

Status: PUBLISHED

Assigner: wikimedia-foundation

Published:

Updated: 2026-04-08T22:04:41.006Z

Reserved: 2026-04-07T21:25:36.589Z

Link: CVE-2026-39934

cve-icon Vulnrichment

Updated: 2026-04-08T15:20:35.727Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-07T22:16:24.137

Modified: 2026-04-08T23:16:58.717

Link: CVE-2026-39934

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-09T08:28:37Z

Weaknesses