CVE-2026-42509 | Apache Wicket up to 8.16.x/9.21.x/10.7.x JavaScript cross site scripting

A vulnerability categorized as problematic has been discovered in Apache Wicket up to 8.16.x/9.21.x/10.7.x. This affects an unknown function of the component JavaScript Handler. Such manipulation leads to cross site scripting.

This vulnerability is uniquely identified as CVE-2026-42509. The attack can be launched remotely. No exploit exists.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More