Apache Wicket Exposure of Sensitive Information Vulnerability

Vulnerability

Apache Wicket contains a vulnerability that allows the exposure of sensitive information to unauthorized actors. The issue affects versions from 8.0.0 prior to 8.17.0, from 9.0.0 prior to 9.22.0, and from 10.0.0 prior to 10.8.0. Crafted URLs can bypass the PackageResourceGuard, potentially leading to unauthorized access to sensitive information.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive information.

Remediation

Users are advised to upgrade to Apache Wicket version 10.9.0, which addresses this vulnerability.
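
To find out whether a build pulls in an affected release, the following added example (not part of the original advisory or of Apache Wicket) scans `mvn dependency:list` output for org.apache.wicket artifacts whose version falls in the affected ranges stated above. The function names, the sample output and the treatment of pre-release builds of a fixed version as affected are assumptions of this example.

```python
import re

# Affected ranges as stated in this advisory: [first affected, first fixed).
AFFECTED_RANGES = [((8, 0, 0), (8, 17, 0)), ((9, 0, 0), (9, 22, 0)), ((10, 0, 0), (10, 8, 0))]
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(.*)$")

# Constructed sample of `mvn dependency:list` output (not from a real project).
SAMPLE_OUTPUT = """\
[INFO]    org.apache.wicket:wicket-core:jar:9.12.0:compile
[INFO]    org.apache.wicket:wicket-util:jar:9.12.0:compile
[INFO]    org.apache.wicket:wicket-extensions:jar:10.8.0:compile
[INFO]    org.apache.wicket:wicket-core:jar:tests:8.17.0-SNAPSHOT:test
[INFO]    org.slf4j:slf4j-api:jar:2.0.9:compile
"""


def parse_version(text):
    """Return ((major, minor, patch), qualifier), or None if text is not a version."""
    m = VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch, qualifier = m.groups()
    return (int(major), int(minor), int(patch or 0)), qualifier


def is_affected(version_text):
    """True if the version falls inside one of the advisory's affected ranges."""
    parsed = parse_version(version_text)
    if parsed is None:
        return False
    numbers, qualifier = parsed
    for first_affected, first_fixed in AFFECTED_RANGES:
        # Assumption: a pre-release of the fixed version (e.g. 9.22.0-SNAPSHOT)
        # may predate the fix, so it is reported as affected too.
        if first_affected <= numbers < first_fixed or (numbers == first_fixed and qualifier):
            return True
    return False


def scan_dependency_list(output):
    """Return sorted (artifact, version) pairs for affected org.apache.wicket artifacts."""
    hits = set()
    for token in output.split():
        # Maven coordinate: group:artifact:type[:classifier]:version:scope
        fields = token.split(":")
        if len(fields) >= 5 and fields[0] == "org.apache.wicket" and is_affected(fields[-2]):
            hits.add((fields[1], fields[-2]))
    return sorted(hits)
```

Pass the captured output of `mvn dependency:list` to `scan_dependency_list`; an empty result means no listed artifact is in the ranges this advisory names.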

Added: May 6, 2026, 10:21 AM
Updated: May 6, 2026, 10:21 AM

Vulnerability Rating

Custom Algorithm
spread: 4.2
impact: 2.5
exploitability: 4.7
remediation: 7.7
relevance: 7.6
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.