CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-43646

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, from 9.0.0 through 9.22.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 25.7%

CVSS Severity

CVSS v3 Score 7.5

References

Products affected by CVE-2026-43646

Apache » Wicket » Version: 10.0.0

cpe:2.3:a:apache:wicket:10.0.0
Apache » Wicket » Version: 10.1.0

cpe:2.3:a:apache:wicket:10.1.0
Apache » Wicket » Version: 10.2.0

cpe:2.3:a:apache:wicket:10.2.0
Apache » Wicket » Version: 10.3.0

cpe:2.3:a:apache:wicket:10.3.0
Apache » Wicket » Version: 10.4.0

cpe:2.3:a:apache:wicket:10.4.0
Apache » Wicket » Version: 10.5.0

cpe:2.3:a:apache:wicket:10.5.0
Apache » Wicket » Version: 8.0.0

cpe:2.3:a:apache:wicket:8.0.0
Apache » Wicket » Version: 8.1.0

cpe:2.3:a:apache:wicket:8.1.0
Apache » Wicket » Version: 8.10.0

cpe:2.3:a:apache:wicket:8.10.0
Apache » Wicket » Version: 8.11.0

cpe:2.3:a:apache:wicket:8.11.0
Apache » Wicket » Version: 8.12.0

cpe:2.3:a:apache:wicket:8.12.0
Apache » Wicket » Version: 8.13.0

cpe:2.3:a:apache:wicket:8.13.0
Apache » Wicket » Version: 8.14.0

cpe:2.3:a:apache:wicket:8.14.0
Apache » Wicket » Version: 8.15.0

cpe:2.3:a:apache:wicket:8.15.0
Apache » Wicket » Version: 8.16.0

cpe:2.3:a:apache:wicket:8.16.0
Apache » Wicket » Version: 8.17.0

cpe:2.3:a:apache:wicket:8.17.0
Apache » Wicket » Version: 8.2.0

cpe:2.3:a:apache:wicket:8.2.0
Apache » Wicket » Version: 8.3.0

cpe:2.3:a:apache:wicket:8.3.0
Apache » Wicket » Version: 8.4.0

cpe:2.3:a:apache:wicket:8.4.0
Apache » Wicket » Version: 8.5.0

cpe:2.3:a:apache:wicket:8.5.0
Apache » Wicket » Version: 8.6.0

cpe:2.3:a:apache:wicket:8.6.0
Apache » Wicket » Version: 8.6.1

cpe:2.3:a:apache:wicket:8.6.1
Apache » Wicket » Version: 8.7.0

cpe:2.3:a:apache:wicket:8.7.0
Apache » Wicket » Version: 8.8.0

cpe:2.3:a:apache:wicket:8.8.0
Apache » Wicket » Version: 8.9.0

cpe:2.3:a:apache:wicket:8.9.0
Apache » Wicket » Version: 9.0.0

cpe:2.3:a:apache:wicket:9.0.0
Apache » Wicket » Version: 9.1.0

cpe:2.3:a:apache:wicket:9.1.0
Apache » Wicket » Version: 9.10.0

cpe:2.3:a:apache:wicket:9.10.0
Apache » Wicket » Version: 9.11.0

cpe:2.3:a:apache:wicket:9.11.0
Apache » Wicket » Version: 9.12.0

cpe:2.3:a:apache:wicket:9.12.0
Apache » Wicket » Version: 9.13.0

cpe:2.3:a:apache:wicket:9.13.0
Apache » Wicket » Version: 9.14.0

cpe:2.3:a:apache:wicket:9.14.0
Apache » Wicket » Version: 9.15.0

cpe:2.3:a:apache:wicket:9.15.0
Apache » Wicket » Version: 9.16.0

cpe:2.3:a:apache:wicket:9.16.0
Apache » Wicket » Version: 9.17.0

cpe:2.3:a:apache:wicket:9.17.0
Apache » Wicket » Version: 9.18.0

cpe:2.3:a:apache:wicket:9.18.0
Apache » Wicket » Version: 9.19.0

cpe:2.3:a:apache:wicket:9.19.0
Apache » Wicket » Version: 9.2.0

cpe:2.3:a:apache:wicket:9.2.0
Apache » Wicket » Version: 9.20.0

cpe:2.3:a:apache:wicket:9.20.0
Apache » Wicket » Version: 9.21.0

cpe:2.3:a:apache:wicket:9.21.0
Apache » Wicket » Version: 9.22.0

cpe:2.3:a:apache:wicket:9.22.0
Apache » Wicket » Version: 9.3.0

cpe:2.3:a:apache:wicket:9.3.0
Apache » Wicket » Version: 9.4.0

cpe:2.3:a:apache:wicket:9.4.0
Apache » Wicket » Version: 9.5.0

cpe:2.3:a:apache:wicket:9.5.0
Apache » Wicket » Version: 9.6.0

cpe:2.3:a:apache:wicket:9.6.0
Apache » Wicket » Version: 9.7.0

cpe:2.3:a:apache:wicket:9.7.0
Apache » Wicket » Version: 9.8.0

cpe:2.3:a:apache:wicket:9.8.0
Apache » Wicket » Version: 9.9.0

cpe:2.3:a:apache:wicket:9.9.0
Apache » Wicket » Version: 9.9.1

cpe:2.3:a:apache:wicket:9.9.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-43646

Products

Pricing

Contact Us