CVE-2026-43975
Severity: medium
CVSS v3: 6.5
CVSS v2: —
VIR risk: 6.5
Description
Apache Wicket has a Path Traversal issue
Predictions
Exploit likelihood: 75%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: security@apache.org — https://lists.apache.org/thread/xp2jrdk6ppv1zcmxb4w1mk2lg1dw3hbr
Vendor advisory: security@apache.org — https://github.com/apache/wicket/pull/1432
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.apache.wicket:wicket-core | >=8.0.0-M1,<=8.17.0 | |
| Maven | org.apache.wicket:wicket-core | >=9.0.0-M1,<=9.22.0 | |
| Maven | org.apache.wicket:wicket-core | >=10.0.0-M1,<10.9.0 | 10.9.0 |
| Maven | org.apache.wicket:wicket-core | >=10.0.0-M1,<=10.8.0 | 10.9.0 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| apache | wicket | >=8.0.0,<=8.17.0 | |
References
- https://github.com/apache/wicket/pull/1432
- https://lists.apache.org/thread/xp2jrdk6ppv1zcmxb4w1mk2lg1dw3hbr
- http://www.openwall.com/lists/oss-security/2026/05/06/4
- https://nvd.nist.gov/vuln/detail/CVE-2026-43975
- https://github.com/apache/wicket/commit/72470983f689c61e6a6c0b7388ef955f23bb1e16
- https://github.com/apache/wicket
- https://github.com/advisories/GHSA-3gmf-p6r4-q8m6
CWEs
CWE-22