An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalRenameRequest page is vulnerable to infinite loops and denial of service attacks when a userβs current username is beyond an arbitrary maximum configuration value (MaxNameChars).