Identified this issue when checkusering a suspicious account; one of the IPs the account used was mw-ext-FileImporter, and at first glance it looked like it was some sort of shared IP because the "readout" on the CU result said:
- 2620:0:860:2:208:80:153:61 (block) (16:40, 21 September 2020 -- 03:33, 12 October 2020)  (~2,288 from all users)
- Check of the IP revealed that it ends every CU log entry with IP: 2620:0:860:2:208:80:153:61 mw-ext-FileImporter/* (https://www.mediawiki.org/wiki/Extension:FileImporter)
This is a problem.
*First, it doesn't give the XFF or true IP address of the person using the extension. It is acting essentially as an open proxy.
*Second, it's not restricted in its use to people with File Mover permission. The account I was checking does not have that permission.
*Third, if someone who used this extension recently got blocked with "autoblock" selected (as is standard on English Wikipedia), it would cause cascading blocks to every other user who tried to use the extension during the block period, until we figured out what was happening. It would essentially disable this extension on English Wikipedia.
Not sure how this wasn't noticed/reported before. But I was doing the Checkuser with the expectation that I would be blocking the account involved, and this was a close call. It is only a matter of luck that it hasn't happened already.