CVE-2026-43646 | Apache Wicket up to 8.16.x/9.21.x/10.7.x PackageResourceGuard access control

Inserito da Angelo Barbosa | Mag 6, 2026 | CVE

A vulnerability marked as critical has been reported in Apache Wicket up to 8.16.x/9.21.x/10.7.x. Affected by this vulnerability is an unknown functionality of the component PackageResourceGuard. The manipulation leads to improper access controls.

This vulnerability is referenced as CVE-2026-43646. Remote exploitation of the attack is possible. No exploit is available.

It is suggested to upgrade the affected component.

CVE-2026-43646 | Apache Wicket up to 8.16.x/9.21.x/10.7.x PackageResourceGuard access control

Post correlati

CVE-2025-39838 | Linux Kernel up to 6.1.150/6.6.104/6.12.45/6.16.5/6.17-rc4 cifs __cifs_sfu_make_node null pointer dereference

CVE-2024-31308 | VJInfotech WP Import Export Lite Plugin up to 3.9.26 on WordPress deserialization

CVE-2025-14548 | Calendar Plugin up to 1.3.16 on WordPress event_desc cross site scripting

CVE-2026-27305 | Adobe ColdFusion up to 2023.18/2025.6 path traversal (apsb26-38)