PT-2026-37431 · Apache · Apache Wicket
Published
2026-05-06
·
Updated
2026-05-06
·
CVE-2026-43646
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Wicket.
This issue affects Apache Wicket: from 8.0.0 through 8.17.0, from 9.0.0 through 9.22.0, from 10.0.0 through 10.8.0.
Users are recommended to upgrade to version 10.9.0, which fixes the issue.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache Wicket