CVE-2026-43646

Summary

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Wicket.

This issue affects Apache Wicket: from 8.0.0 through 8.17.0, from 9.0.0 through 9.22.0, from 10.0.0 through 10.8.0.

Users are recommended to upgrade to version 10.9.0, which fixes the issue.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Wicket8.0.0 <= 8.17.0affected
Apache Software FoundationApache Wicket9.0.0 <= 9.22.0affected
Apache Software FoundationApache Wicket10.0.0 <= 10.8.0affected

Weaknesses

  • CWE-200: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References