Apache Wicket has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability

GHSA-jvv4-8wxx-m5r6 · CVE-2026-43646

Published May 6, 2026 · Modified May 11, 2026

Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Wicket.

This issue affects Apache Wicket: from 8.0.0 through 8.17.0, from 9.0.0 through 9.22.0, from 10.0.0 through 10.8.0.

Users are recommended to upgrade to version 10.9.0, which fixes the issue.

Ready to move

Free, no credit card | First findings in minutes