A vulnerability described as critical has been identified in Apache Wicket up to 8.16.x/9.21.x/10.7.x. Affected by this issue is some unknown functionality of the component FolderUploadsFileManager. The manipulation results in path traversal.
This vulnerability is identified as CVE-2026-43975. The attack can be executed remotely. There is not any exploit available.
Upgrading the affected component is recommended.
