Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, from 9.0.0 through 9.22.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue.

INFO

Published Date :

2026-05-06T08:31:50.560Z

Last Modified :

2026-05-06T09:51:14.174Z

Source :

apache
AFFECTED PRODUCTS

The following products are affected by CVE-2026-43646 vulnerability.

Vendors Products
Apache
  • Wicket
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-43646.

URL Resource
https://lists.apache.org/thread/6zqcvjyz4lsqty1z2g5hg7pl5fqk88rs cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System