CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-42509

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 46.2%

CVSS Severity

CVSS v3 Score 6.1

References

Products affected by CVE-2026-42509

Apache » Wicket » Version: 10.0.0

cpe:2.3:a:apache:wicket:10.0.0
Apache » Wicket » Version: 10.1.0

cpe:2.3:a:apache:wicket:10.1.0
Apache » Wicket » Version: 10.2.0

cpe:2.3:a:apache:wicket:10.2.0
Apache » Wicket » Version: 10.3.0

cpe:2.3:a:apache:wicket:10.3.0
Apache » Wicket » Version: 10.4.0

cpe:2.3:a:apache:wicket:10.4.0
Apache » Wicket » Version: 10.5.0

cpe:2.3:a:apache:wicket:10.5.0
Apache » Wicket » Version: 8.0.0

cpe:2.3:a:apache:wicket:8.0.0
Apache » Wicket » Version: 8.1.0

cpe:2.3:a:apache:wicket:8.1.0
Apache » Wicket » Version: 8.10.0

cpe:2.3:a:apache:wicket:8.10.0
Apache » Wicket » Version: 8.11.0

cpe:2.3:a:apache:wicket:8.11.0
Apache » Wicket » Version: 8.12.0

cpe:2.3:a:apache:wicket:8.12.0
Apache » Wicket » Version: 8.13.0

cpe:2.3:a:apache:wicket:8.13.0
Apache » Wicket » Version: 8.14.0

cpe:2.3:a:apache:wicket:8.14.0
Apache » Wicket » Version: 8.15.0

cpe:2.3:a:apache:wicket:8.15.0
Apache » Wicket » Version: 8.16.0

cpe:2.3:a:apache:wicket:8.16.0
Apache » Wicket » Version: 8.17.0

cpe:2.3:a:apache:wicket:8.17.0
Apache » Wicket » Version: 8.2.0

cpe:2.3:a:apache:wicket:8.2.0
Apache » Wicket » Version: 8.3.0

cpe:2.3:a:apache:wicket:8.3.0
Apache » Wicket » Version: 8.4.0

cpe:2.3:a:apache:wicket:8.4.0
Apache » Wicket » Version: 8.5.0

cpe:2.3:a:apache:wicket:8.5.0
Apache » Wicket » Version: 8.6.0

cpe:2.3:a:apache:wicket:8.6.0
Apache » Wicket » Version: 8.6.1

cpe:2.3:a:apache:wicket:8.6.1
Apache » Wicket » Version: 8.7.0

cpe:2.3:a:apache:wicket:8.7.0
Apache » Wicket » Version: 8.8.0

cpe:2.3:a:apache:wicket:8.8.0
Apache » Wicket » Version: 8.9.0

cpe:2.3:a:apache:wicket:8.9.0
Apache » Wicket » Version: 9.0.0

cpe:2.3:a:apache:wicket:9.0.0
Apache » Wicket » Version: 9.1.0

cpe:2.3:a:apache:wicket:9.1.0
Apache » Wicket » Version: 9.10.0

cpe:2.3:a:apache:wicket:9.10.0
Apache » Wicket » Version: 9.11.0

cpe:2.3:a:apache:wicket:9.11.0
Apache » Wicket » Version: 9.12.0

cpe:2.3:a:apache:wicket:9.12.0
Apache » Wicket » Version: 9.13.0

cpe:2.3:a:apache:wicket:9.13.0
Apache » Wicket » Version: 9.14.0

cpe:2.3:a:apache:wicket:9.14.0
Apache » Wicket » Version: 9.15.0

cpe:2.3:a:apache:wicket:9.15.0
Apache » Wicket » Version: 9.16.0

cpe:2.3:a:apache:wicket:9.16.0
Apache » Wicket » Version: 9.17.0

cpe:2.3:a:apache:wicket:9.17.0
Apache » Wicket » Version: 9.18.0

cpe:2.3:a:apache:wicket:9.18.0
Apache » Wicket » Version: 9.19.0

cpe:2.3:a:apache:wicket:9.19.0
Apache » Wicket » Version: 9.2.0

cpe:2.3:a:apache:wicket:9.2.0
Apache » Wicket » Version: 9.20.0

cpe:2.3:a:apache:wicket:9.20.0
Apache » Wicket » Version: 9.21.0

cpe:2.3:a:apache:wicket:9.21.0
Apache » Wicket » Version: 9.22.0

cpe:2.3:a:apache:wicket:9.22.0
Apache » Wicket » Version: 9.3.0

cpe:2.3:a:apache:wicket:9.3.0
Apache » Wicket » Version: 9.4.0

cpe:2.3:a:apache:wicket:9.4.0
Apache » Wicket » Version: 9.5.0

cpe:2.3:a:apache:wicket:9.5.0
Apache » Wicket » Version: 9.6.0

cpe:2.3:a:apache:wicket:9.6.0
Apache » Wicket » Version: 9.7.0

cpe:2.3:a:apache:wicket:9.7.0
Apache » Wicket » Version: 9.8.0

cpe:2.3:a:apache:wicket:9.8.0
Apache » Wicket » Version: 9.9.0

cpe:2.3:a:apache:wicket:9.9.0
Apache » Wicket » Version: 9.9.1

cpe:2.3:a:apache:wicket:9.9.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-42509

Products

Pricing

Contact Us