A vulnerability described as problematic has been identified in Wikimedia Cargo Extension up to 3.8.6 on Mediawiki. Affected is an unknown function. Executing a manipulation can lead to basic cross site scripting. This vulnerability appears as CVE-2026-39841 . The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.