CVE-2026-40010 | Apache Wicket up to 8.16.x/9.21.x/10.7.x session fixiation

May 6, 2026 Yanac

A vulnerability was found in Apache Wicket up to 8.16.x/9.21.x/10.7.x. It has been declared as critical. The affected element is an unknown function. The manipulation results in session fixiation.

This vulnerability is known as CVE-2026-40010. It is possible to launch the attack remotely. No exploit is available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More